From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-security@freebsd.org
Subject: Two high-severity vulnerabilities in OpenSSL
Date: Thu, 25 Mar 2021 23:17:54 +0100

The OpenSSL Project on Thursday 2021-03-25 announced the release of
version 1.1.1k, which patches two high-severity vulnerabilities,
including one related to verifying a certificate chain and one that can
lead to a server crash.

https://www.securityweek.com/openssl-111k-patches-two-high-severity-vulnerabilities

The first security hole, tracked as CVE-2021-3450, has been described as
a “problem with verifying a certificate chain when using the
X509_V_FLAG_X509_STRICT flag.” The flaw was discovered by researchers at
Akamai.

“Starting from OpenSSL version 1.1.1h a check to disallow certificates
in the chain that have explicitly encoded elliptic curve parameters was
added as an additional strict check. An error in the implementation of
this check meant that the result of a previous check to confirm that
certificates in the chain are valid CA certificates was overwritten.
This effectively bypasses the check that non-CA certificates must not be
able to issue other certificates,” the OpenSSL Project explained in its
advisory.

The second vulnerability, tracked as CVE-2021-3449 and discovered by
employees of telecoms giant Nokia, involves sending a specially crafted
renegotiation ClientHello message from a client, and it can be exploited
for denial-of-service (DoS) attacks.

“If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms
extension (where it was present in the initial ClientHello), but
includes a signature_algorithms_cert extension then a NULL pointer
dereference will result, leading to a crash and a denial of service
attack,” reads the description of this vulnerability.

Servers running OpenSSL 1.1.1 are affected by CVE-2021-3449 if they have
TLS 1.2 and renegotiation enabled — this is the default configuration.

Some companies have already started informing their customers about
these OpenSSL vulnerabilities.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450
https://www.openssl.org/news/vulnerabilities.html

Kind regards
Miroslav Lachman


From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: FreeBSD Security Advisory FreeBSD-SA-21:07.openssl
Date: Fri, 26 Mar 2021 00:05:23 +0000 (UTC)

=============================================================================
FreeBSD-SA-21:07.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities in OpenSSL

Category:       contrib
Module:         openssl
Announced:      2021-03-25
Affects:        FreeBSD 12.2 and later
Corrected:      2021-03-25 15:45:19 UTC (stable/13, 13.0-STABLE)
                2021-03-25 16:25:06 UTC (releng/13.0, 13.0-RC3-p1)
                2021-03-25 17:14:46 UTC (stable/12, 12.2-STABLE)
                2021-03-25 23:45:45 UTC (releng/12.2, 12.2-RELEASE-p5)
CVE Name:       CVE-2021-3449, CVE-2021-3450

For general
information regarding FreeBSD Security Advisories, including
descriptions of the fields above, security branches, and the following
sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol.  It is
also a general-purpose cryptography library.

II.  Problem Description

This advisory covers two distinct OpenSSL issues:

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the
certificates present in a certificate chain.  It is not set by default.
Starting from OpenSSL version 1.1.1h a check to disallow certificates in the
chain that have explicitly encoded elliptic curve parameters was added as an
additional strict check.  An error in the implementation of this check meant
that the result of a previous check to confirm that certificates in the chain
are valid CA certificates was overwritten.  This effectively bypasses the
check that non-CA certificates must not be able to issue other certificates.
[CVE-2021-3450]

A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omits
the signature_algorithms extension (where it was present in the initial
ClientHello), but includes a signature_algorithms_cert extension results in a
NULL pointer dereference in the server.  [CVE-2021-3449]

III. Impact

The X509_V_FLAG_X509_STRICT issue can result in a bypass of the check that
non-CA certificates must not be able to issue other certificates.

The renegotiation issue can result in a crash and a denial of service attack.

IV.  Workaround

For the X509_V_FLAG_X509_STRICT issue, no workaround is available, but
software that doesn't explicitly set the X509_V_FLAG_X509_STRICT flag is
unaffected.

For the renegotiation issue, either turning off TLSv1.2 (as TLSv1.3 is
unaffected) or turning off renegotiation on the TLS server mitigates the
issue.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
#

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 13.x]
# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-13.patch
# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-13.patch.asc
# gpg --verify openssl-13.patch.asc

[FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-12.patch
# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-12.patch.asc
# gpg --verify openssl-12.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/13/                       b6c1fdcdf5033d20c61cc77d66f58f31cc65e2ba
releng/13.0/                     7d3f5a19f455e0e3fb17ac3f9af288e8c7fffc15
stable/12/                                                        r369521
releng/12.2/                                                      r369523
-------------------------------------------------------------------------

[FreeBSD 13.x]
To see which files were modified by a particular revision, run the
following command in a checked out git repository, replacing NNNNNN with
the revision hash:

# git show --stat NNNNNN

Or visit the following URL, replace NNNNNN with the revision hash:

[FreeBSD 12.x]
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
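
Added example (not part of the advisory and not OpenSSL source code): a simplified C model of the CVE-2021-3450 description above, showing a verifier in which the strict check overwrites the result of the CA check, next to a corrected form. The struct, function and flag names are hypothetical stand-ins, and the three chains are constructed sample data.

```c
/* Added illustration, not OpenSSL code: a toy chain verifier that models the
 * CVE-2021-3450 description. All names below are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_FLAG_STRICT 0x1u  /* stands in for X509_V_FLAG_X509_STRICT */

struct model_cert {
    const char *subject;
    bool is_ca;               /* certificate is allowed to issue others */
    bool explicit_ec_params;  /* key carries explicitly encoded curve params */
};

/* Both checks return 1 for "acceptable" and 0 for "reject". */
static int check_is_ca(const struct model_cert *c)
{
    return c->is_ca ? 1 : 0;
}

static int check_curve(const struct model_cert *c)
{
    return c->explicit_ec_params ? 0 : 1;
}

/* chain[0] is the leaf; every later entry issued the one before it and so
 * must be a CA. Flawed form: the strict check reuses `ret` and discards the
 * verdict of the CA check that ran just before it. */
int verify_chain_flawed(const struct model_cert *chain, size_t n, unsigned flags)
{
    for (size_t i = 1; i < n; i++) {
        int ret = check_is_ca(&chain[i]);
        if (flags & MODEL_FLAG_STRICT)
            ret = check_curve(&chain[i]);   /* overwrites a possible 0 */
        if (ret == 0)
            return 0;
    }
    return 1;
}

/* Corrected form: the additional check runs only while the earlier check
 * still passes, so it can only turn an accept into a reject. */
int verify_chain_fixed(const struct model_cert *chain, size_t n, unsigned flags)
{
    for (size_t i = 1; i < n; i++) {
        int ret = check_is_ca(&chain[i]);
        if (ret > 0 && (flags & MODEL_FLAG_STRICT))
            ret = check_curve(&chain[i]);
        if (ret == 0)
            return 0;
    }
    return 1;
}

/* Constructed sample chains (leaf first). */
static const struct model_cert good_chain[] = {
    { "leaf", false, false },
    { "intermediate CA", true, false },
    { "root CA", true, false },
};
static const struct model_cert non_ca_issuer_chain[] = {
    { "leaf", false, false },
    { "end-entity cert used as issuer", false, false },
    { "root CA", true, false },
};
static const struct model_cert explicit_params_chain[] = {
    { "leaf", false, false },
    { "intermediate CA, explicit params", true, true },
    { "root CA", true, false },
};

int main(void)
{
    const struct { const char *label; const struct model_cert *chain; } cases[] = {
        { "valid chain", good_chain },
        { "non-CA issuer", non_ca_issuer_chain },
        { "explicit EC params", explicit_params_chain },
    };

    puts("case                 flags    flawed  fixed");
    for (size_t c = 0; c < 3; c++) {
        for (unsigned flags = 0; flags <= MODEL_FLAG_STRICT; flags++) {
            printf("%-20s %-8s %-7d %d\n", cases[c].label,
                   flags ? "strict" : "default",
                   verify_chain_flawed(cases[c].chain, 3, flags),
                   verify_chain_fixed(cases[c].chain, 3, flags));
        }
    }
    return 0;
}
```

In this model only the flawed verifier with the strict flag set accepts the chain whose issuer is not a CA, which matches the advisory's statement that software not setting the flag is unaffected.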


From: Masachika ISHIZUKA
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:07.openssl
Date: Fri, 26 Mar 2021 21:13:57 +0900 (JST)

> FreeBSD-SA-21:07.openssl
> [snip]
>
> # freebsd-update fetch
> # freebsd-update install

I did the above on 13.0-RC3 and rebooted.
But 'motd', 'uname -a', 'freebsd-version -uk' show 13.0-RC3,
not 13.0-RC3-p1.
--
Masachika ISHIZUKA


From: Shawn Webb
To: freebsd-security@freebsd.org
Cc: FreeBSD Security Advisories
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:07.openssl
Date: Fri, 26 Mar 2021 10:17:16 -0400

On Fri, Mar 26, 2021 at 12:05:23AM +0000, FreeBSD Security Advisories wrote:
> A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omits
> the signature_algorithms extension (where it was present in the initial
> ClientHello), but includes a signature_algorithms_cert extension results in a
> NULL pointer dereference in the server. [CVE-2021-3449]
>
> III. Impact
>
> The X509_V_FLAG_X509_STRICT issue can result in a bypass of the check that
> non-CA certificates must not be able to issue other certificates.
>
> The renegotiation issue can result in a crash and a denial of service attack.

Hey all,

Has anyone looked at if/how setting map_at_zero=1 impacts the null ptr
deref issue?

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc


From: Roger Marquis
To: freebsd-security@freebsd.org
Subject: Re: Buffer overruns, license violations, and bad code: FreeBSD 13s close call
Date: Fri, 26 Mar 2021 09:10:32 -0700 (PDT)

Surprised there's been no mention of wireguard in this list,
particularly given the threads on other forums. That said it is good to
finally have a third-party analysis of the issue. See today's Ars
Technica for Jim Salter's take:

The only downside, no idea how it got by Ars' editors, is an irrelevant
side-thread on 'Macy's record as a landlord. That aside the article is a
must-read for anyone concerned with FreeBSD security.

Roger Marquis


From: The Doctor
To: Masachika ISHIZUKA
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:07.openssl
Date: Fri, 26 Mar 2021 15:26:55 -0600

On Fri, Mar 26, 2021 at 09:13:57PM +0900, Masachika ISHIZUKA wrote:
> > FreeBSD-SA-21:07.openssl
> > [snip]
> >
> > # freebsd-update fetch
> > # freebsd-update install
>
> I did the above on 13.0-RC3 and rebooted.
> But 'motd', 'uname -a', 'freebsd-version -uk' show 13.0-RC3,
> not 13.0-RC3-p1.
> --
> Masachika ISHIZUKA

I get a different result

uname -a
FreeBSD homebox 13.0-RC3-p1 FreeBSD 13.0-RC3-p1 #0: Thu Mar 25 23:44:25 MDT 2021 root@homebox:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:07.openssl
To: The Doctor, Masachika ISHIZUKA
Cc: freebsd-security@freebsd.org
From: Tatsuki Makino
Date: Sat, 27 Mar 2021 07:50:12 +0900

This is a fix that does not require replacing the kernel, so freebsd-update does not change the kernel.
I think the Doctor rebuilt the kernel himself/herself, so there is a -p1.

This is a frequent occurrence :)

From owner-freebsd-security@freebsd.org Fri Mar 26 22:55:42 2021
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:07.openssl
From: Gordon Tetlow
Date: Fri, 26 Mar 2021 15:55:36 -0700
To: Tatsuki Makino
Cc: The Doctor, Masachika ISHIZUKA, freebsd-security@freebsd.org

Actually, I'm testing this on a 13.0-RC3 host and am not getting the p1. This is likely due to the freebsd-update build scripts not properly messing with the newvers.sh. I'll investigate.

Thanks for the report!
Gordon

> On Mar 26, 2021, at 3:50 PM, Tatsuki Makino wrote:
>
> This is a fix that does not require replacing the kernel, so freebsd-update does not change the kernel.
> I think the Doctor rebuilt the kernel himself/herself, so there is a -p1.
>
> This is a frequent occurrence :)
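
Added example (not written by any poster in this thread): a small sh helper that separates the two situations discussed above, a userland-only patch (kernel string unchanged, userland at -pN) versus no patch level reported anywhere. The function names and verdict strings are hypothetical; `freebsd-version -k` and `-u` are the installed-kernel and userland queries from freebsd-version(1), and the version strings in the comments are the ones quoted in the thread.

```sh
#!/bin/sh
# Compare kernel and userland patch levels as reported by freebsd-version(1).
# Added example; function names and verdict strings are assumptions.

# patch_level VERSION -> prints N from a trailing "-pN", or 0 if absent.
patch_level() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1##*-p}" ;;
        *)         printf '0\n' ;;
    esac
}

# base_release VERSION -> VERSION with any trailing "-pN" removed.
base_release() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1%-p*}" ;;
        *)         printf '%s\n' "$1" ;;
    esac
}

# classify KERNEL USERLAND -> one-word verdict on stdout.
#   classify 13.0-RC3 13.0-RC3-p1  is the userland-only case
#   classify 13.0-RC3 13.0-RC3     is what the first report describes
classify() {
    kpl=$(patch_level "$1"); upl=$(patch_level "$2")
    if [ "$(base_release "$1")" != "$(base_release "$2")" ]; then
        echo release-mismatch
    elif [ "$kpl" -eq 0 ] && [ "$upl" -eq 0 ]; then
        echo unpatched-or-unreported
    elif [ "$upl" -gt "$kpl" ]; then
        echo userland-only-patch
    elif [ "$kpl" -gt "$upl" ]; then
        echo kernel-ahead
    else
        echo in-sync
    fi
}

# On a FreeBSD host, feed in the real values; elsewhere this is skipped.
if command -v freebsd-version >/dev/null 2>&1; then
    k=$(freebsd-version -k); u=$(freebsd-version -u)
    echo "kernel=$k userland=$u verdict=$(classify "$k" "$u")"
fi
```

A verdict of unpatched-or-unreported only says that neither string carries a -pN suffix; it cannot tell a host that was never updated from one where the update was installed but the version string was not bumped.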