From nobody Mon Apr 15 09:09:57 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VJ1bG4fxJz5FfXj for ; Mon, 15 Apr 2024 09:10:02 +0000 (UTC) (envelope-from man130117@outlook.com) Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05olkn20810.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1a::810]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VJ1bF4Zrgz4v67 for ; Mon, 15 Apr 2024 09:10:01 +0000 (UTC) (envelope-from man130117@outlook.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=outlook.com header.s=selector1 header.b=Un3Wq2oz; dmarc=pass (policy=none) header.from=outlook.com; spf=pass (mx1.freebsd.org: domain of man130117@outlook.com designates 2a01:111:f400:7e1a::810 as permitted sender) smtp.mailfrom=man130117@outlook.com; arc=pass ("microsoft.com:s=arcselector9901:i=1") ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=am+QDqCMD+A3ZlJJE5GFV2OIFUt3tfpIdhnupQyksBiZMgOwAtShJWR45uS0hh/Dv90AwLVzUrg6C12KUxConDpT+YkV4k2c+2XISAYX2k+Np1evy+DxSimnwOSSJJ3AYInCejDY47W/STX8WD+YLvpSIx1NoqF7mwh7cgc0bv9ueFpnjvpWfGarXDsq47NbwReFgfizwMG7+wBNlzcM0J2DO52u4dHWMF5NolOK+pjky58XCMg3DTGpBWkJd1pBDpB+ADKZKTc9O6UV3BomqVHlb5JCzr+8q6I611cIKBByEbcBDvr+LX09jYSiqjhXR6TRYmSrIRR0ZLlAA2d92g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=R83NuO2YN68sE21M4stg1g/kSBxW0HDclXPanj2+88w=; b=U6SdrWgWdapxy0FINp0CDPNhgHyPYj7UWRuEwvK5Iwmp+tfeYlFvlRvwTK1g51mL7eUKdHEk7wdllVwzbrzwp8XdOm51dHVEDgRIdY7Atj/o9GVodm8LwLzVUHpPLqf7k+VpdvySFBthMUwIzOz+49pHonZZaJDHxteF4JTnFuBGfNjMLFYldlnTzuuRs5c936WBKwdfFhKQolweIzprLIRDX8SNzDHPL07rvSUcAQm9ETa8tJzT7ckafFSxxIcP8K3DJnH+viLOllPs0rBxhF5cR7ZLx73QcG1uISTEqa3bhvRn8SqL6Te/JKxEvMnRioG/cRcgbpIS5wnZCumnug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=R83NuO2YN68sE21M4stg1g/kSBxW0HDclXPanj2+88w=; b=Un3Wq2ozSIEqVUrBtMGhFRbMdfRHdaJgots8fgrhYIF5omKeZMX3690SPrHIcVslOeDXGV+8bEOGdr8vGPzFTxv7rY1KC40sK5Bn58hnP9D5jVI4H7WDvP/kMGhsJFvWj7lUv00I6mPzFwfADR7DvlZdTNLNzgqA88syaSP4z0HpCPyumi0KN2ICASAZTYFEcWsXcVrufQ9mJejOoIvoRkOThpGESlP+eydYIJ1KzyXR88q27Hr3CjPRal3uMFXsBMIhcIfNXgXx7/1g3nHZKgV6XDlkBlVQkQUX6rIPg1K/le2b8YUB5+d27roWIuNqG5dGOYt+d9bHdFqbOh6QIw== Received: from AM5PR03MB2962.eurprd03.prod.outlook.com (2603:10a6:206:19::17) by VI0PR03MB10282.eurprd03.prod.outlook.com (2603:10a6:800:20d::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.55; Mon, 15 Apr 2024 09:09:57 +0000 Received: from AM5PR03MB2962.eurprd03.prod.outlook.com ([fe80::2088:14e0:30a2:9d0c]) by AM5PR03MB2962.eurprd03.prod.outlook.com ([fe80::2088:14e0:30a2:9d0c%3]) with mapi id 15.20.7409.042; Mon, 15 Apr 2024 09:09:57 +0000 From: =?iso-8859-2?Q?Marek_Anio=B3a?= To: "freebsd-security@freebsd.org" Subject: cpu-microcode-intel-20231114 Thread-Topic: cpu-microcode-intel-20231114 Thread-Index: AQHajxP9aENurjjlX0GCLDoKQdTAiA== Date: Mon, 15 Apr 2024 09:09:57 +0000 Message-ID: Accept-Language: en-US, pl-PL Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [AItPaj9Otu8b35IuTRcSRq//flKPzh/k] x-ms-publictraffictype: Email x-ms-traffictypediagnostic: AM5PR03MB2962:EE_|VI0PR03MB10282:EE_ x-ms-office365-filtering-correlation-id: 6ca7dd97-c908-43ee-f5d0-08dc5d2bd29f x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: O5PwY5OLslzHIVYmcMEm0hGGVNhst3sF6VHkB4RR8KDSfflYEXiDH5wx+eXfoH11SnBxujS4Gb6Z/8+UrYR/lFXgl+mu+uSKfVajuWSzxpz+JfuxEerPDb5A+/cv5s+kzLFYAM6wPfmUcINrWkNUuIRacX7rkf9fcv2Yo5Axfj0bzMEh0N2Vh5SbLO/LXhitJ7grP7w7xQrtrSAo+ELwTNJZ8XsoZFoMLv03u3/mN2gBXgkyz8LhThTWkVqAOqaWeIzVKfAWVVgHyHSB2abZV72GtQ5QpUdeBEviZSbYqQKwR04ge94XKZhhpHhi48Tr0rtU7yXBLd2b+ZGFueyO8vNq3/n5vgVt6cV0IeZR+tF019UrlORmRgQMjcjEz0viK+92qlVw/gnpJvLY4xuHbM7+gZ9w6cUVRQgvSVDv5fdG62PewC3HKyOgLTy7/Rkhnc6NoVqLIDjjM+wkmyhrCWyUOxTv1/v4kf6zFhn8iuVGHl1nOX6H4DTPQlHp4R2X5Km6mqeM/lAXouN4X6/A79zzbYz06qLKt9hlUci3cEolHu6U5uCCh1569EYueXQmRR81nwXPtA+xgw+w60Az5XldsufZuN1mMTisdfYu00tW4QLSDOswDGABvZDo0L2gW3e/wCgH+ap+acc+eXNb6eyQB28nl/FLle6SlKvfMCY= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-2?Q?WkdcCyfc2m3ec8Ldjj5RhO+juj8NOja6OGeO2/+J255feuflRxseaDRlxn?= =?iso-8859-2?Q?WXlp3alhIRUpjJKRDSnhIY5elKxkoHqf8aRQqPeugpNhEbTKo/eWzHrmFY?= =?iso-8859-2?Q?utMIv3RBzPYYs1cajhQ8C4s/8mN6EEzNirWx/+V1sw0OUhJ1vqljin89LY?= =?iso-8859-2?Q?GBx6GPAvJlHXHn8lPHCTdri6iyxG/k10YDTtaGODeY0QoA7HSc3RzgEl1N?= =?iso-8859-2?Q?Mp953c7t/ZdynjkAd9XPXj9I1YRin799bVeVqmlPmYUMkwPB8B/WcKjSbR?= =?iso-8859-2?Q?An7c7gsMxATwMYxKvFRzJjqnsaBtQ392qciZjTfasNQOapH2dczZUDJRM4?= =?iso-8859-2?Q?InzqUcvekeehEeLj1i0NqTlQK43MNi3VXjoScniKxigK30ZjFnh+TVtrIn?= =?iso-8859-2?Q?Miib8a/cDWcDli2DPAd1SjrpZjeO1vhgQqR5vMfw/psP1L6ZUJcickDqix?= =?iso-8859-2?Q?UwALxy8kLNUQMgNW64yXbi4QoIk3NRaH0uLcX7naP7AKCO8TTDE8xvYx7r?= =?iso-8859-2?Q?+x97Jg+F7BjnG0nftzP0HJHH+077ApPWuhXbTbHPxV0dhgFk8r+QNwRcO8?= =?iso-8859-2?Q?RasesBJvow0TG5dDEZGhF7CqkiDcFG+cHIQmsQP4JlcIStUmgq3XYSUh3b?= =?iso-8859-2?Q?kKyat9/M5+uVbNuYFXMFIHIs+cKrrCKlVd7qpHB9kMpCpYX4sOlFZnNaCo?= =?iso-8859-2?Q?rEbGJG0lLDOYbR8iZHESGnfh8uFvzJz32UpU20TzwOOwuwJl2+5ZKOiTZj?= =?iso-8859-2?Q?zy84cg0wo5TUeU+5fSc6VEwI2Ejt6j898oD8YxRKenHS4r7+liwWAVUPN1?= =?iso-8859-2?Q?rJ/TpyI5dpUOJwsnffY2SMtZWdkHbtPTyc71F6D9538EQDmvZonsle/IoC?= =?iso-8859-2?Q?GyPIUbebHTle0vysnRncDKRkPHuPJK1AD98PKDHTCDA/F5rjxqEFhhWYqw?= =?iso-8859-2?Q?E1MbdE7gxxsqhTUijr0zDz3+VZAhz8yx9Eijq79vgOUVbxkXpSg9ULPNoS?= =?iso-8859-2?Q?jYMhzFqCYu0EVYN1e39wiCv7v3J72AD7FjS6+CT5vIRQ/bAL6fUBEHdwn0?= =?iso-8859-2?Q?mz0cQfKYjxPlZTln9g9EHqxKnLR0Zw1g4+bkDZlORxg9679s+VWYYbETaH?= =?iso-8859-2?Q?6aYVLaki7p9l1BPJAG85v8XfX84UfoZubT5PH5btcwVODFwg+CyDRzvoT/?= =?iso-8859-2?Q?6cZYSP759I3HNIFRfP2BKYsOXGnqrAZIkSviuFHh9jiG5psAG7FyeRZMBc?= =?iso-8859-2?Q?nA2ySjT/PgWklN9fmtZTG4/Zu+edUPNUckDL1ULos=3D?= Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AM5PR03MB2962.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 6ca7dd97-c908-43ee-f5d0-08dc5d2bd29f X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2024 09:09:57.8185 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR03MB10282 X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.12 / 15.00]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.83)[-0.831]; R_MIXED_CHARSET(0.71)[subject]; DMARC_POLICY_ALLOW(-0.50)[outlook.com,none]; R_DKIM_ALLOW(-0.20)[outlook.com:s=selector1]; R_SPF_ALLOW(-0.20)[+ip6:2a01:111:f400::/48]; MIME_GOOD(-0.10)[text/plain]; DWL_DNSWL_NONE(0.00)[outlook.com:dkim]; RCPT_COUNT_ONE(0.00)[1]; FREEMAIL_FROM(0.00)[outlook.com]; ASN(0.00)[asn:8075, ipnet:2a01:111:f000::/36, country:US]; FREEMAIL_ENVFROM(0.00)[outlook.com]; MISSING_XM_UA(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; TO_DN_EQ_ADDR_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MID_RHS_MATCH_FROMTLD(0.00)[]; RCVD_TLS_LAST(0.00)[]; DKIM_TRACE(0.00)[outlook.com:+] X-Rspamd-Queue-Id: 4VJ1bF4Zrgz4v67 As of 13 March 2024. "pkg audit" reports the following vulnerabilities in F= reeBSD 13.3-RELEASE-p1:=0A= =0A= cpu-microcode-intel-20231114 is vulnerable:=0A= =A0 Intel processors - multiple vulnerabilities=0A= =A0 CVE: CVE-2023-43490=0A= =A0 CVE: CVE-2023-22655=0A= =A0 CVE: CVE-2023-28746=0A= =A0 CVE: CVE-2023-38575=0A= =A0 CVE: CVE-2023-39368=0A= =A0 WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c697a61= 6631.html=0A= =0A= Found 1 issue(s) in 1 installed package(s).=0A= =0A= The website https://www.freshports.org/sysutils/cpu-microcode-intel/ shows = that an update to the package appeared the day before (2024-03-12), but the= BINARY package providing THE UPDATE IS STILL NOT AVAILABLE!=0A= =0A= Should this be the case?=0A= Or, should I update the microcode in some other way?=0A= =0A= Marek Anio=B3a=0A= From nobody Mon Apr 15 13:56:03 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VJ7xX6xtQz5GdQH for ; Mon, 15 Apr 2024 13:56:16 +0000 (UTC) (envelope-from martin@lispworks.com) Received: from mail.lispworks.com (mail.lispworks.com [46.17.166.21]) by mx1.freebsd.org (Postfix) with ESMTP id 4VJ7xW72y0z4SDD for ; Mon, 15 Apr 2024 13:56:15 +0000 (UTC) (envelope-from martin@lispworks.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=lispworks.com header.s=default header.b=h7BAQGrU; dmarc=pass (policy=none) header.from=lispworks.com; spf=pass (mx1.freebsd.org: domain of martin@lispworks.com designates 46.17.166.21 as permitted sender) smtp.mailfrom=martin@lispworks.com Received: from lwfs1-cam.cam.lispworks.com (localhost [[UNIX: localhost]]) by lwfs1-cam.cam.lispworks.com (8.17.1/8.17.1) with ESMTP id 43FDu8UY022526 for ; Mon, 15 Apr 2024 14:56:08 +0100 (BST) (envelope-from martin@lispworks.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lispworks.com; s=default; t=1713189368; bh=W9YGJ8DVtCQ+Aw/z2laIOAjmW1z+APST+HYhwNvfCpU=; h=Date:From:To:CC:In-reply-to:Subject:References; b=h7BAQGrUUe2b7r6yL9C6UI+a8lueqkH0LYhEhlbtF/TqPIfxMc39UOqQPvnRE6tev P88HHdsAAKWzQHf/aykvcH+L+1MzDoCw22aroV2+LRwaP9MPTG1cQYoCo3tcIbyns0 AdU1nbpl3HBhY5WV4Y6JJGTFTI6rqRNtUo55wGbfLeaSYqwmJaVpyr0QMTnVqAvA0V QJs+7gXBtB1a5AVyX1fUvo9CorcQQ4g8Pm+S1koAPza7VHJsrL6l3jrulNVhFwkYo3 u8NdPAtntHHTUWHXyAP9NL+I3bL8ViAHBuEW5SD4eE1eyytNK/PKYLtHPP1Ii9Nkl7 f4yEuK93+k7pQ== Received: from higson.cam.lispworks.com (higson.cam.lispworks.com [192.168.1.7]) by lwfs1-cam.cam.lispworks.com (8.17.1/8.17.1) with ESMTP id 43FDu3B1022447; Mon, 15 Apr 2024 14:56:03 +0100 (BST) (envelope-from martin@lispworks.com) Received: from higson.cam.lispworks.com (localhost.localdomain [127.0.0.1]) by higson.cam.lispworks.com (8.14.4) id 43FDu3mX023048; Mon, 15 Apr 2024 14:56:03 +0100 Received: (from martin@localhost) by higson.cam.lispworks.com (8.14.4/8.14.4/Submit) id 43FDu3d7023044; Mon, 15 Apr 2024 14:56:03 +0100 Date: Mon, 15 Apr 2024 14:56:03 +0100 Message-Id: <202404151356.43FDu3d7023044@higson.cam.lispworks.com> From: Martin Simmons To: =?iso-8859-2?Q?Marek_Anio=B3a?= CC: freebsd-security@freebsd.org In-reply-to: (message from =?iso-8859-2?Q?Marek_Anio=B3a?= on Mon, 15 Apr 2024 09:09:57 +0000) Subject: Re: cpu-microcode-intel-20231114 References: List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.10 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.996]; DMARC_POLICY_ALLOW(-0.50)[lispworks.com,none]; R_DKIM_ALLOW(-0.20)[lispworks.com:s=default]; R_SPF_ALLOW(-0.20)[+mx]; RWL_MAILSPIKE_VERYGOOD(-0.20)[46.17.166.21:from]; MIME_GOOD(-0.10)[text/plain]; RCVD_NO_TLS_LAST(0.10)[]; ARC_NA(0.00)[]; FREEFALL_USER(0.00)[martin]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:51055, ipnet:46.17.160.0/21, country:GB]; TO_DN_SOME(0.00)[]; MID_RHS_MATCH_FROMTLD(0.00)[]; FREEMAIL_TO(0.00)[outlook.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; MISSING_XM_UA(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RCVD_COUNT_THREE(0.00)[4]; RCPT_COUNT_TWO(0.00)[2]; DKIM_TRACE(0.00)[lispworks.com:+] X-Rspamd-Queue-Id: 4VJ7xW72y0z4SDD >>>>> On Mon, 15 Apr 2024 09:09:57 +0000, =?iso-8859-2?Q?Marek Anio=B3a?= said: > > As of 13 March 2024. "pkg audit" reports the following vulnerabilities in FreeBSD 13.3-RELEASE-p1: > > cpu-microcode-intel-20231114 is vulnerable: >   Intel processors - multiple vulnerabilities >   CVE: CVE-2023-43490 >   CVE: CVE-2023-22655 >   CVE: CVE-2023-28746 >   CVE: CVE-2023-38575 >   CVE: CVE-2023-39368 >   WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c697a616631.html > > Found 1 issue(s) in 1 installed package(s). > > The website https://www.freshports.org/sysutils/cpu-microcode-intel/ shows that an update to the package appeared the day before (2024-03-12), but the BINARY package providing THE UPDATE IS STILL NOT AVAILABLE! > > Should this be the case? > Or, should I update the microcode in some other way? pkg search cpu-microcode-intel says the latest version is called cpu-microcode-intel-20240312. I don't know why these packages have dates in their names so they don't upgrade automatically. From nobody Mon Apr 15 14:19:01 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VJ8Rs35Qxz5GghF for ; Mon, 15 Apr 2024 14:19:05 +0000 (UTC) (envelope-from man130117@outlook.com) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn2028.outbound.protection.outlook.com [40.92.75.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VJ8Rs0C83z4cfZ for ; Mon, 15 Apr 2024 14:19:04 +0000 (UTC) (envelope-from man130117@outlook.com) Authentication-Results: mx1.freebsd.org; none ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VuYdASxa5IwjjONfii987/gibr56c2UDouT5Mf1TqWG89v7qOtUJS0qXuADjSygRqofj1bYPRxUSm3XiXPrExsuNolqg8x9diuGozMx5EppPBMDXQ2jKXEWPgE5tTRi/25BRxYwlFhxwbOEGZl9QWFg0AneWZ1FfxtPERVJmBVpwYq4YY2dOaqYLkwX08ArJQJ+bKiDDd6Ms9XM1CBE93X3lzxfQ8qLLmXW0sFjkZeBaN/F8ljyRUwvqQazf1fNmx0YFz6KE5hW2gwz5IuNz0+vGcx9ml5VPSnY17zyF8Ua0q/AoMDZb2yhy5gwnUs9YQyP9Cici6aHatq4NQ9NBAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vU7IBTmq/ZA7CLrYNx3vv9b/0QYfelTiTAuBAzJwDxI=; b=OTmDt0dfoAbg9yddG0GIxxYLwZBA2iYoxLNkR0XaoqHbZkf+uKSkE521vIxDOC+Hh5daB5TfZFGxl76DXtZqwPjCNmOOJGjR0mLkODZghdFHW30JSaGTr7+p4dL4921RoWs/fyB5GpldTeyhKPMxkUrcQaH44O89B7hsehVR9Kg4qP/+ybaOt3EF3ZgxVW+BpJ81bctH0FfTHUKCR9Odbv+irIIUQVgU03UpIAEa/HOJU2j/jHAuPLNw1X1IWBQMmEgCt03AzsJu0V81sap+HWEVhxec+4WFm9y66uLXwsGk+kITD9seEYtvr8YJD0/eHeHX6aWTvFfrw2nnHbh5uA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vU7IBTmq/ZA7CLrYNx3vv9b/0QYfelTiTAuBAzJwDxI=; b=SjI10UOmPw3mKMncOZcDHWr1fdr/w2K5tgxb1Qee9y55/VZi71TwXyB82r26wecWhWscqMYimDWYvfN3n5GDsE5FgnNrJ/YNoiFiPgYIKzzw6d7obD4kDQmXJ1Eafrab1Ltagl442UbdYm1HDdK+97QwBzN2bSfpYfD/9giK+sJbSbuIIaYKDsM46WNPD51gCdzkjjUvGRQy6W3VJtYoUDK3bilbKnI1FhNWYFvfva3RfQS+B/ZIQCNwaRZ1YSzw0c9kMf1IDBMm1ozH7JHipDkdn9xmfn45x+ckyrZhU8xo6CFLNleSKC9LoEJxzEnIQwiWVYCBwNipQwhwZ/tRYA== Received: from VI1PR03MB2973.eurprd03.prod.outlook.com (2603:10a6:802:2e::18) by DU2PR03MB10046.eurprd03.prod.outlook.com (2603:10a6:10:492::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.55; Mon, 15 Apr 2024 14:19:02 +0000 Received: from VI1PR03MB2973.eurprd03.prod.outlook.com ([fe80::af5c:6eb0:6da0:f456]) by VI1PR03MB2973.eurprd03.prod.outlook.com ([fe80::af5c:6eb0:6da0:f456%7]) with mapi id 15.20.7409.053; Mon, 15 Apr 2024 14:19:01 +0000 From: =?iso-8859-2?Q?Marek_Anio=B3a?= To: Martin Simmons CC: "freebsd-security@freebsd.org" Subject: Re: cpu-microcode-intel-20231114 Thread-Topic: cpu-microcode-intel-20231114 Thread-Index: AQHajxP9aENurjjlX0GCLDoKQdTAiLFpWzYpgAADh7A= Date: Mon, 15 Apr 2024 14:19:01 +0000 Message-ID: References: <202404151356.43FDu3d7023044@higson.cam.lispworks.com> In-Reply-To: <202404151356.43FDu3d7023044@higson.cam.lispworks.com> Accept-Language: en-US, pl-PL Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [VmPszM/pFm+X1FF585W8JVR40kA6lZKz] x-ms-publictraffictype: Email x-ms-traffictypediagnostic: VI1PR03MB2973:EE_|DU2PR03MB10046:EE_ x-ms-office365-filtering-correlation-id: 52390b7b-4840-4ed8-5213-08dc5d56ffaf x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: yAZGHicFBUNgZ0Lxjh13SM8dtf/8T5jIxKdisTiFOAl/3f2q6MCIminjkAos7Rh0R2UVjRRlF0HIDKFjGUfwtfq1DXq7eWETSR2HlK9q3D8fjbYCvqXIdZw5dof38QNW5FoRm4lxczRc7KIpyuZAWrwCm/mwNlNtWm3nh4Sw9FI/26ajQUi63G6Dq1j46+r6g293HEpcvosUcMgC0V8KD8oJhqcpGj4Jfkzuw5sJafV1CAj0gPvPDKvIpNoxrnGE74vct3GduK4DNYxpjjbv62tUFhbKpKyCN76QF72WUsI0vvkX8k/7DOb1RdG93n9lzcl2093j9QGyrP48HBnXa7v47zYj0nQshuc3jKEb/WhG9gf4i/uK9dOz5SZUk1FW54fTZKmwPQmKbJqDlmNRQtHHo7SV447GMHSnyl9NyGbu2eWRc8Jpq5gEuCeLnul33UP8MIUBXpWvokl6hvIgwGhoiuNdXLmzvYJfepze3A79QB0F4GFQvsyr+usJemC/2QAJ7LvJghBMIVUQpuEwaKWUwUAjst0ekAdKt5FgG/Wuq32rLy72YwUOefgiwZ0IGayr0mzq/tiiqygEGNTHwoTdyBkfedvUXkDfnX9yfGelzoIVzI9U/0bDnt5zau9JuC4WDxwkB/F8/pyYFcibLok3nySTfx0zr1MxUVzZ1As= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-2?Q?/qwje1EwiiSsqyhklPMRbyK5H6M9w/+By5HCH39jr4oTJFj4PIZ02NMpCw?= =?iso-8859-2?Q?qnpI+OqvX/o8LQFtKX2xQjtCuI957iZGq9MCaG4wBg3d1vDBJFn/c3cWh2?= =?iso-8859-2?Q?5HWwjQkID8CXYo0r317eYcgY0OnvCmb+yW77qorKNad0dVei9piu6SbBhy?= =?iso-8859-2?Q?TUUXg6tbT0wJE4vVpyJ1kI1ZgZusK8cG189bTAmwwG+h9f1UypEBYNQDqa?= =?iso-8859-2?Q?fuKal3GcfJoS+44kvxCZvQUzPBtNJq903TVF1mSy6Q27uAIcZr0ajf2nly?= =?iso-8859-2?Q?mawdVKtViJ3kjgxN+MvBQgHIc4V4cEdfFq5jjGt0L0z9ygLLBuCXh7GN8B?= =?iso-8859-2?Q?hU3WYCKPLtxdBJT5LVsbY/ttOfCy3cYro/zDbEdkeii96LyfXe90ALDN8w?= =?iso-8859-2?Q?echFu1TRJo/03hkPn7h49OfEhyvreIzhBOf5ZnTs6E2ezalk4XYYJb89jN?= =?iso-8859-2?Q?W+1GVniog6mg2La6tB+FI+JFpgCTf0sKIueDcJ1Z41MmPIdgTxrBC52MsB?= =?iso-8859-2?Q?LtYWKeh8fuG9hZ31Mew4dLLReQfRmJJIFPv8kwJKEjHrYT+VEZAHkDyClm?= =?iso-8859-2?Q?vAaf+XiHYkNKJKQ7SsD/ulbRjxfF5OxaHSsvVRjXhO6ieQ8J6PbPlhvGyI?= =?iso-8859-2?Q?z8B7K08H5Un3fUQ2p06GwLNWxaw88kVElJiXbOCm9oFpv5xHyw1orFTgTl?= =?iso-8859-2?Q?yWq1CCeDfVnMLOzGONVbOoRHQ5u1WGq6O82nBc7QdYBA31QJJM0yzFaRQ+?= =?iso-8859-2?Q?QiWaZ9f+cxmro/0S4uVo8SCbjQjbpsvF6KDWxQurjFUEs+ANBLwr004ghU?= =?iso-8859-2?Q?/6u/kdz8KXel+JnTipiytJHTg9+fC3/iv/gqkfUMMTu6RFnTkS76ovkUvh?= =?iso-8859-2?Q?PCU2Oo6fnu+IkyH6bA8pLeIk7ye1a+kg0Eb0bCRHsPBib8ZGIxWe/7ErV8?= =?iso-8859-2?Q?iED5b5alLMy7XWKEOJrTHzUgx5nXR8G/+BRUR2M3ti2231dPRKOs3ABr4P?= =?iso-8859-2?Q?9bS/WjrFULJa5S10ceW9TrKP9pzI4s2xpPlWCVcukdioFiLVQPmrFUOoDo?= =?iso-8859-2?Q?xIiRo/o2dtTOw5sv5uphYqaIDk1bZMy4iRgxcguQW1NVIKEkmkdnp3ZMcc?= =?iso-8859-2?Q?YaOGRUwmPCdY+VOIeNE/gN3qkPuGmfZeTJxcU7BTJvUXGLRKNHNXnwmIOt?= =?iso-8859-2?Q?/lTGwldYWzyOJhd0WidNBB3CgcFd5Of4ZDyCnj/JfuYLYOH156wFt4AbhQ?= =?iso-8859-2?Q?Ajyj14j9ursgNR+HOGvkQxvm6JsSAyejLu+8mRKjY=3D?= Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR03MB2973.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 52390b7b-4840-4ed8-5213-08dc5d56ffaf X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2024 14:19:01.7571 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU2PR03MB10046 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:8075, ipnet:40.80.0.0/12, country:US] X-Rspamd-Queue-Id: 4VJ8Rs0C83z4cfZ No, it only shows the old version:=0A= =0A= =A0 ~ # pkg search cpu-microcode-intel=0A= =A0 cpu-microcode-intel-20231114 =A0 Intel CPU microcode updates=0A= =A0 ~ #=0A= =0A= The latest version (20240312) is not available.=0A= =0A= =0A= =0A= From:=A0Martin Simmons =0A= Sent:=A0Monday, April 15, 2024 15:56=0A= To:=A0Marek Anio=B3a =0A= Cc:=A0freebsd-security@freebsd.org =0A= Subject:=A0Re: cpu-microcode-intel-20231114=0A= =A0=0A= >>>>> On Mon, 15 Apr 2024 09:09:57 +0000, =3D?iso-8859-2?Q?Marek Anio=3DB3a= ?=3D said:=0A= >=0A= > As of 13 March 2024. "pkg audit" reports the following vulnerabilities in= FreeBSD 13.3-RELEASE-p1:=0A= >=0A= > cpu-microcode-intel-20231114 is vulnerable:=0A= > =A0 Intel processors - multiple vulnerabilities=0A= > =A0 CVE: CVE-2023-43490=0A= > =A0 CVE: CVE-2023-22655=0A= > =A0 CVE: CVE-2023-28746=0A= > =A0 CVE: CVE-2023-38575=0A= > =A0 CVE: CVE-2023-39368=0A= > =A0 WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c697a= 616631.html=0A= >=0A= > Found 1 issue(s) in 1 installed package(s).=0A= >=0A= > The website https://www.freshports.org/sysutils/cpu-microcode-intel/=A0sh= ows that an update to the package appeared the day before (2024-03-12), but= the BINARY package providing THE UPDATE IS STILL NOT AVAILABLE!=0A= >=0A= > Should this be the case?=0A= > Or, should I update the microcode in some other way?=0A= =0A= pkg search cpu-microcode-intel says the latest version is called=0A= cpu-microcode-intel-20240312.=A0 I don't know why these packages have dates= in=0A= their names so they don't upgrade automatically.= From nobody Mon Apr 15 14:27:46 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VJ8dx5q7zz5GhWx for ; Mon, 15 Apr 2024 14:27:49 +0000 (UTC) (envelope-from infoomatic@gmx.at) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mout.gmx.net", Issuer "Telekom Security ServerID OV Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VJ8dw5WNtz4fKS for ; Mon, 15 Apr 2024 14:27:48 +0000 (UTC) (envelope-from infoomatic@gmx.at) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmx.at header.s=s31663417 header.b=W44BixdE; dmarc=pass (policy=quarantine) header.from=gmx.at; spf=pass (mx1.freebsd.org: domain of infoomatic@gmx.at designates 212.227.17.20 as permitted sender) smtp.mailfrom=infoomatic@gmx.at DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.at; s=s31663417; t=1713191267; x=1713796067; i=infoomatic@gmx.at; bh=5Cjp1bG48ylPOlS1FkxFA2dQg6kcoTuk8EcMoCOKeyQ=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject:To: References:From:In-Reply-To:Content-Type: Content-Transfer-Encoding:cc:content-transfer-encoding: content-type:date:from:message-id:mime-version:reply-to:subject: to; b=W44BixdEzjf3Fw+ABQAkp9YsPbFMKGl25fTAzmGiQhT5V1mf31wPQyhefuOTRflG cBinHTYMqpzGknQUiCKHgU8ZSS/hokWSo45cpaBHhwY5rJw2Q6Xr+o56My5dCbGjk 9pm8rut/DIDp9WPnEWf2Ye6bDFtvHiFSR3MXPC77POvA1asfNpUjSBkL0DdiCTdjo rF+izX4irFkq4BQ5IECPjkZZJXP8harQYjWKQXB1XIpYdGvh8hk8WBgXYx7wIiBP8 agwDni3RMKe06IpIRdMNYKoVovOkdm1/OiITvpBg+yOx88gjytrBhiByqNX3rHssx C5et3ldYMWqLSHWYyw== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from [10.0.1.209] ([178.114.176.9]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MBlxM-1s1pst0nQS-00CDnf for ; Mon, 15 Apr 2024 16:27:47 +0200 Message-ID: <202633d8-b51c-4f8e-8426-f42a8a79c99d@gmx.at> Date: Mon, 15 Apr 2024 16:27:46 +0200 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: cpu-microcode-intel-20231114 To: freebsd-security@freebsd.org References: <202404151356.43FDu3d7023044@higson.cam.lispworks.com> Content-Language: en-US From: infoomatic In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:HjK9PpHbY3Ua1BxJOS/CjZSLW2ykL04l8GtIoz3tGMXjEvQ6OfT GVvtX9um93EDWDdDilj052CHT0Y9x3FZIwh7lq0zrHWLvGOOc90VcnBWhwSvtmQiPUh2ZOj XTPFxFhQp1vpzJI9CFvnmhponizvKNIkUcrwPqbL2ZPtLHzTTqt1XfsszZa3mNRhkpnHKgw uliea/Y6jnpc0QplUSw0w== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:GcQX/H/OrLo=;Ku37ZIav9JSYF3obDKv7OlE0EHM HfI4MJBs6Xhxzi/Ry6ipec/1uDNTNPzqChKEECh/EbGn/okzUVfruCERiII4Y5NyS8Tz86Vsg w609ngVv1tqV+5+ZDgISIHbQGzSaPHHtUNglTHmFecAJnqjhB7G2UmxuzlXNUCCmrfWb6HkEi PglIehmiaX3NFfBWb+s783Cl8tepCxlnQLNS24CqeNzCzi/W8is/xbLntMnl4z50oraBh09a5 eq83sqaQZ3uEeZIOp2Zcj//VU/ayDcpVGJd7aLc7WnAlcAg9rtyCIn1FcICPo0HhAjTUkjPFa ZgBlRtEnABVQ/96V2JafqXxNKEqbW3AJwyDiC/7OCY+Olbr0FNkXsVT9ZgS3rkvg5Uk4TAU2K i79N2DCuyGIInDroCeZ1bAQbhbIKtWcnta2Cu8tC3zY/v7xLdnw3EW0TQCLWFQkm21mgZ5/ba xFu20lcUZiJDewPv6PPbNN1VrFMkWh8d3oKEiyucdjnW0UxesdBS2MnwZPDJo/evT3Hx0RLfH aVNZ3EVEgUfAeOjG68hnHMurCBvTptg1nYCLegnlzAi6Au3FvP83FCQ7d1rUUEtLOWgdJBtnx WXR2C8ZmO4bUuuOGk09rgJYlsT6rQxUBbUEiqu+AUWu8x/0KPCqHahk3Iq//8zjzZOp8n030v nxqaZQSAc2fFO7AGS7qc1m3v7m8HN8lSL5xm1Om5Xkh2B8e0/NUPouO1A2VolmE0rRatYjQ9V PampQOQKxCeYCFnGXAwgraZ8pd5xSIW3TfeBTM3z274wcf5FQ9PxdqYb3Kghcz5+LF5SrA/mK b7KLuzzolVJgnLb6sYGqdCQHskgFsWoo329sw4bN3ZDxs= X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.65 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[gmx.at,quarantine]; NEURAL_SPAM_SHORT(0.34)[0.341]; R_DKIM_ALLOW(-0.20)[gmx.at:s=s31663417]; R_SPF_ALLOW(-0.20)[+a:mout.gmx.net]; RCVD_IN_DNSWL_LOW(-0.10)[212.227.17.20:from]; MIME_GOOD(-0.10)[text/plain]; ONCE_RECEIVED(0.10)[]; XM_UA_NO_VERSION(0.01)[]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[gmx.at:+]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FREEMAIL_FROM(0.00)[gmx.at]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RWL_MAILSPIKE_POSSIBLE(0.00)[212.227.17.20:from]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmx.at] X-Rspamd-Queue-Id: 4VJ8dw5WNtz4fKS pkg update -f refreshes fetches your package catalogue (latest or quarterly - see /etc/pkg/FreeBSD.conf). After that you should be able to upgrade the package. Regards, Robert On 15.04.24 16:19, Marek Anio=C5=82a wrote: > No, it only shows the old version: > > =C2=A0 ~ # pkg search cpu-microcode-intel > =C2=A0 cpu-microcode-intel-20231114 =C2=A0 Intel CPU microcode updates > =C2=A0 ~ # > > The latest version (20240312) is not available. > > > > From:=C2=A0Martin Simmons > Sent:=C2=A0Monday, April 15, 2024 15:56 > To:=C2=A0Marek Anio=C5=82a > Cc:=C2=A0freebsd-security@freebsd.org > Subject:=C2=A0Re: cpu-microcode-intel-20231114 > >>>>>> On Mon, 15 Apr 2024 09:09:57 +0000, =3D?iso-8859-2?Q?Marek Anio=3DB= 3a?=3D said: >> >> As of 13 March 2024. "pkg audit" reports the following vulnerabilities = in FreeBSD 13.3-RELEASE-p1: >> >> cpu-microcode-intel-20231114 is vulnerable: >> =C2=A0 Intel processors - multiple vulnerabilities >> =C2=A0 CVE: CVE-2023-43490 >> =C2=A0 CVE: CVE-2023-22655 >> =C2=A0 CVE: CVE-2023-28746 >> =C2=A0 CVE: CVE-2023-38575 >> =C2=A0 CVE: CVE-2023-39368 >> =C2=A0 WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-= 1c697a616631.html >> >> Found 1 issue(s) in 1 installed package(s). >> >> The website https://www.freshports.org/sysutils/cpu-microcode-intel/=C2= =A0shows that an update to the package appeared the day before (2024-03-12= ), but the BINARY package providing THE UPDATE IS STILL NOT AVAILABLE! >> >> Should this be the case? >> Or, should I update the microcode in some other way? > > pkg search cpu-microcode-intel says the latest version is called > cpu-microcode-intel-20240312.=C2=A0 I don't know why these packages have= dates in > their names so they don't upgrade automatically. From nobody Mon Apr 15 14:27:50 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VJ8f86zY5z5GhZS for ; Mon, 15 Apr 2024 14:28:00 +0000 (UTC) (envelope-from patpro@patpro.net) Received: from rack.patpro.net (rack.patpro.net [193.30.227.216]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (P-256) client-digest SHA256) (Client CN "patpro.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VJ8f81JTlz4fS4 for ; Mon, 15 Apr 2024 14:28:00 +0000 (UTC) (envelope-from patpro@patpro.net) Authentication-Results: mx1.freebsd.org; none Received: from mail.patpro.net (localhost [IPv6:::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (Client did not present a certificate) by rack.patpro.net (Postfix) with ESMTPSA id 41E58BD6C; Mon, 15 Apr 2024 16:27:50 +0200 (CEST) ARC-Filter: OpenARC Filter v1.0.0 rack.patpro.net 41E58BD6C ARC-Seal: i=1; a=rsa-sha256; d=patpro.net; s=openarc-20230616; t=1713191270; cv=none; b=I8MH1L8QuND60BvhuzBQg2sq3Bmq7A9SVBCbm35c+PH/TbaKNHFY/bfZ9cvOTpiA1iF7je8Ro4qlhFwiniQLTU9T/YJt7WBTHDvBL1W2czzib6Imk+aOl/lWLPB37b+e9XNYBe+dIGWSMvn72vCV6wcmfCEqvJGHN2cfa7bKTJw= ARC-Message-Signature: i=1; a=rsa-sha256; d=patpro.net; s=openarc-20230616; t=1713191270; c=relaxed/simple; bh=De/Lk5guH+Mz8ryawxvhuFyVOwbOo57d07hMngmyQp8=; h=DKIM-Signature:MIME-Version:Date:Content-Type: Content-Transfer-Encoding:X-Mailer:From:Message-ID:Subject:To:Cc: In-Reply-To:References; b=DyAGJzZ3XsixRMtKg62Dt52TkQ869UlTFwVH/V7TgzGwVXPQF6rw12ONou4k+iltkMwAnc4zjIvzNlOFioSaUfKw5BmMOl71b+wxiG2Md2zF8GZaoV9Gr5TMRxCWDUZBEgBMjLkPa3Yv+K23qSFzT+KYs5aqwwTH8JvUTMnDs04= ARC-Authentication-Results: i=1; rack.patpro.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=patpro.net; s=202403-3b90cc35; t=1713191270; bh=De/Lk5guH+Mz8ryawxvhuFyVOwbOo57d07hMngmyQp8=; h=Date:From:Subject:To:Cc:In-Reply-To:References; b=DJR5H6YJrx1323eF02NYsvVN+Ghqotd4gP6oKjrwu/tE1J/ZAbieJDVeMVcDCbKZE 72Ldsg9DX3DqLEz9BaNAFEnbzqnikwejqMwSYapt7FZ5T+mWXnOnJseQi4dxwbxelT 7rA5b2odOoyRE1ne2TjPxqECOim9qlKkMAkIvxzW26SJAuHLxdK7DeHcf0SJ82dn3J Ur/Q9cxWOHQieuVoqgRVSvBLjLpRkONuR6eVE+QOLXZ/qyOxOV01cFGu3kiq2J6TBl jS8TJQ82EBcnu9x4xUnEyiJsJ4zTOpkrEyF4NCyYJ8NDgJSoGLz+b6qwBX0ISqB8Gl 6R+gAfaW9dcAQ== List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 Date: Mon, 15 Apr 2024 14:27:50 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: RainLoop/1.17.0 From: patpro@patpro.net Message-ID: <5e6baf3fd3926c1f0de47da98318f978@patpro.net> Subject: Re: cpu-microcode-intel-20231114 To: "=?utf-8?B?TWFyZWsgQW5pb8WCYQ==?=" , "Martin Simmons" Cc: freebsd-security@freebsd.org In-Reply-To: References: <202404151356.43FDu3d7023044@higson.cam.lispworks.com> X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:29608, ipnet:193.30.224.0/22, country:FR] X-Rspamd-Queue-Id: 4VJ8f81JTlz4fS4 hi $ cat /usr/local/etc/pkg/repos/FreeBSD.conf=20 FreeBSD:=20{ url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", mirror_type: "srv", enabled: yes } $ pkg search cpu-microcode-intel cpu-microcode-intel-20240312 Intel CPU microcode updates April 15, 2024 4:19 PM, "Marek Anio=C5=82a" wrote= : > No, it only shows the old version: >=20 >=20~ # pkg search cpu-microcode-intel > cpu-microcode-intel-20231114 Intel CPU microcode updates > ~ # >=20 >=20The latest version (20240312) is not available. >=20 >=20From: Martin Simmons > Sent: Monday, April 15, 2024 15:56 > To: Marek Anio=C5=82a > Cc: freebsd-security@freebsd.org > Subject: Re: cpu-microcode-intel-20231114 >=20 >>=20On Mon, 15 Apr 2024 09:09:57 +0000, =3D?iso-8859-2?Q?Marek Anio=3DB3= a?=3D said: >>=20 >>=20As of 13 March 2024. "pkg audit" reports the following vulnerabiliti= es in FreeBSD 13.3-RELEASE-p1: >>=20 >>=20cpu-microcode-intel-20231114 is vulnerable: >> Intel processors - multiple vulnerabilities >> CVE: CVE-2023-43490 >> CVE: CVE-2023-22655 >> CVE: CVE-2023-28746 >> CVE: CVE-2023-38575 >> CVE: CVE-2023-39368 >> WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c697a6= 16631.html >>=20 >>=20Found 1 issue(s) in 1 installed package(s). >>=20 >>=20The website https://www.freshports.org/sysutils/cpu-microcode-intel = shows that an update to the >> package appeared the day before (2024-03-12), but the BINARY package p= roviding THE UPDATE IS STILL >> NOT AVAILABLE! >>=20 >>=20Should this be the case? >> Or, should I update the microcode in some other way? >=20 >=20pkg search cpu-microcode-intel says the latest version is called > cpu-microcode-intel-20240312. I don't know why these packages have dat= es in > their names so they don't upgrade automatically. From nobody Mon Apr 15 14:44:03 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VJ90k5z8Hz5GkGV for ; Mon, 15 Apr 2024 14:44:06 +0000 (UTC) (envelope-from man130117@outlook.com) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn2085.outbound.protection.outlook.com [40.92.75.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VJ90k37RJz4jW5 for ; Mon, 15 Apr 2024 14:44:06 +0000 (UTC) (envelope-from man130117@outlook.com) Authentication-Results: mx1.freebsd.org; none ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IvFvkAPZHol6qXZTL/x+h1/D6SjgdQQ825hMYeKGmx7e5cWWHcJAJr813VApam4+Hzzss9SeyW1WBkc8gdCwXQz1Etm4vY1LIHw4YrQWr9etdxm2P51JGA5AZayfpWMDxJcvxCuiWhZ7Q9+uUbPcCG40Fg8vb7QVzyOg62fhOJ1el38hGO56ctW5XcWDUZGPRgqJxmY3YXY0AiuYmoGOrIRi1jqQs9IR9avR+12zcB0tc06P9x4vCJ6Dn9JbJUTP5Rd3WWVmTOSxkgU18JQBODTSq5gFRh0DqYCUj0yFGlAf2gPKyJ52E54pp0TLeS38FjG7SU+wmrwmnRXZM4dKMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xRvlSvL7tnnGyZDCAo+GES1UGOJpsSwo0eXZinYPNsE=; b=B3K4aPfmjb4l1GIiny9Ll+nqhcn/ctLAM148cu+SaRDgH/LoA2VJTHLGxixgbTnXBo9tTlIlDpYMwIvsxD5ORmQwr9rTJhklPK2TMbDQXatXRJQFdJFfLFHUl6IIJ4GyR7C0760im16OYLH8XHySE/K9X/oSIE4m+AvjbTOktvNtP2pjB6I7Vq+6UI/DyQ+DoJMr+JvCZKtJyDdp1kVeQ6crYFwllzkczn3yxJOGtaa5sls0m4BVcTLb0n+I5TMwia3L24iwk+OePU8lTOt3pfPdlF4YX0y/kd0xVjA3XBHXBAizmwT7RuG5J7NDcwEKyJUC1pgg5dE90dauPpsTog== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xRvlSvL7tnnGyZDCAo+GES1UGOJpsSwo0eXZinYPNsE=; b=FPxzK3sWXFgOqU9lax8IfrQwRWbhp6UfbNi2ibTgIdey0zNkPVkcKHH7hIIY3vvcNuYWSIiHptpVBQfpva51/njx6qTHZHt8iURMAZn1wptvTw0rldWDGj8J68oRoEtD2QNZ7tK7cj7ACRK0J/ZkEuqpf1L5B3kSbYLbMQOdjzWi3J4iWv/gjBEsQaLb6DrQNXiMu4a+YpJ0r1Jgpmf8CzYlrtHfXmxDO8F1E4/iMjtuP5ZIf/qCeYQPk2iq4ya/cIRXqWwS58vTobJaWOsw5ks9MCj3hnXtIkSE0yUxbf6qR/ylK709R4S1ON621U4tut7399Z6ZDooRiz/G5NgRg== Received: from VI1PR03MB2973.eurprd03.prod.outlook.com (2603:10a6:802:2e::18) by VI1PR03MB6334.eurprd03.prod.outlook.com (2603:10a6:800:138::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.55; Mon, 15 Apr 2024 14:44:03 +0000 Received: from VI1PR03MB2973.eurprd03.prod.outlook.com ([fe80::af5c:6eb0:6da0:f456]) by VI1PR03MB2973.eurprd03.prod.outlook.com ([fe80::af5c:6eb0:6da0:f456%7]) with mapi id 15.20.7409.053; Mon, 15 Apr 2024 14:44:03 +0000 From: =?iso-8859-2?Q?Marek_Anio=B3a?= To: infoomatic , "freebsd-security@freebsd.org" Subject: Re: cpu-microcode-intel-20231114 Thread-Topic: cpu-microcode-intel-20231114 Thread-Index: AQHajxP9aENurjjlX0GCLDoKQdTAiLFpWzYpgAADh7CAAAVGAIAAAtIw Date: Mon, 15 Apr 2024 14:44:03 +0000 Message-ID: References: <202404151356.43FDu3d7023044@higson.cam.lispworks.com> <202633d8-b51c-4f8e-8426-f42a8a79c99d@gmx.at> In-Reply-To: <202633d8-b51c-4f8e-8426-f42a8a79c99d@gmx.at> Accept-Language: en-US, pl-PL Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [rhoo34CctwvHr2SvGOLo9tzSyYqWpG+k] x-ms-publictraffictype: Email x-ms-traffictypediagnostic: VI1PR03MB2973:EE_|VI1PR03MB6334:EE_ x-ms-office365-filtering-correlation-id: 8f51c596-3587-46e6-518a-08dc5d5a7e95 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 8eCnTCmpsTmGYgHq/td8qz/B7vKib0GOu63hE2u3QpvhD/7fkyZi5GAKtm2ih2PDz3CSBYZ+U9hGnTW1CnlgTlJmKXbYPaXtZeCNxG3T1dgZLxG3DEYOtEy0u86IqaQTmnLNWvGXzWZGxPwFvS5oHvF9pAhOuYbuWMHZXML+Xk8/5dqh5Qr9jx9ZpTQ7a01bCHDZXNeSr4wB9YJBElhPu42sFjzgmuWqEfFgePD+FIXMlb28mH0yYNP/FHaBrh4qqWxjw6yV/8+qy0/x6+suKF4TcOoy6t0Hk3w7gLD8tUYbn8WJSyaMpRz9SJ6P3hbZUkXAQY8JfGp/JMvrjmTmQt//PuCNDHWQe0e6vu5wylLau0MD1+Czbs8WJ1rnWdEdLpK2DxwWvnMt4LV7X7flQ7Hp2MXLapN3NByLe7QjMHKQXO9cUdcvFFFcYlqqfTMkvEyo0vdXq3lKie7mwhs3dJeBMpGuTjRXXGl2IH1GkY+T/gjmVr5up1OjwDJmf+/2m3MNRjBUlLqe3WfpwpBLmA/EYMHnxPPhfrYxvuxu5ZCIetrLseWGVayNd+tGW/pCmn2tkoluk6Ea+YXYZR590c0MJZXOeD9rDhxHV7WTL8qLSumtYr5aP1ASyFv3EaJvgqRosLqksSBjv85cG8pRmrtRbIM5CFqCUlphmqIW+bQ= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-2?Q?GO4mYlmBgpWLXiGtQSUdBI9bBFtXV7SoguutYFV7oZMqVbzpBgDBwRVnPW?= =?iso-8859-2?Q?GaVbFH3DDPNt2ZSv28dkhSn1WeClXJf86gynVUHMJRppgr99086aMD2SE+?= =?iso-8859-2?Q?RZY727tqy8QtiA8AhF/NkdFuB4tctRPNEcKIJgzUti7p28MpRA3CLCKKrL?= =?iso-8859-2?Q?OrN8RkpUIpGB9u8zGWpMffzAY0VUdnu6F9Kjb0cAytMdjjIqLyWrFmk+sI?= =?iso-8859-2?Q?kgqtzsSnKrQNb5qDR7o567SKmy+H5f6NZuYAY+CJbimklQGSCUJJONZe2b?= =?iso-8859-2?Q?NOgRbxEVw35koIU+2q3GfctwX9AU6aNizq2WzG/QBRlJiRXYvA+FHUv+jq?= =?iso-8859-2?Q?w26IAd5/g51ddnMwb3xWPaSGxGsaRLB6BTiUQ3jBZ7ZflKDXq3Hb0/mlIK?= =?iso-8859-2?Q?tbt0TzuDe2rwRNa/s6Xx4sGSNegs1Gt3a3ECQ1najGnM129r+hqzTHXbBQ?= =?iso-8859-2?Q?E7DxWAYQHhmBMBmSlb0NtN1HOJhkyx2cvtEdloOm52A+7bbFh5EWtQmOF8?= =?iso-8859-2?Q?t+ABi1u07ANpx39+FbeiTKkuMnBjHkBQJVtONlxk7tKphZyE303rFxaYNR?= =?iso-8859-2?Q?h1E3Qmmmbb/AvcAe39kCdjJFmNKIqn0YkbcQtQ2u7PExmHJDwjY3ORNne5?= =?iso-8859-2?Q?ldvrvgMNdLfaVteWvtr+Z9OkHiSHMJTymOODk/7nH69tZXmtakIy7aVu1z?= =?iso-8859-2?Q?2D9Yr0Vk7sK71Qt/C2/135b/GCe1FJT+5jcWAwQhR6zc/IzAba8hEJd/p5?= =?iso-8859-2?Q?Hcg9YNQEJfwySTyOtbbPCuGM/zpk9zitigmz304DWQp6ZR5QFgEmmuE7Yy?= =?iso-8859-2?Q?1qvCs8AIs8GQhkRS7ZwYGe8ob2SmUghRT7EzlpIry0DpLkH1oAjgtonGDS?= =?iso-8859-2?Q?dMvYL+QBuRFy4KKHZu1RmaWX5B3II67NLnNHVUkzn7490opULLK+VxgPcJ?= =?iso-8859-2?Q?11XNCqDa6MaZkPVCkpA47o81UGJTq1f6p8eUVqksIYFphp45xPmkuMN9S8?= =?iso-8859-2?Q?Bc9VcaVTfiVqrcXP6fR28pi56eqRhpLh32V/s+Vx4BFCHvfY/SPAzG73su?= =?iso-8859-2?Q?jrsgdZ9Jw7X82ojF7utf44LhPAwByvpEwOLmW88VpglGps9D9RREs3v/6d?= =?iso-8859-2?Q?5uy6cpC6/UY2CoAYu+oFRqPMysvA+Oq75QTY6n1XnPnBl1LF4a0qBiRle8?= =?iso-8859-2?Q?MOuhYiP8Al+MMmm+Gx1aBwkv+u1Dw+vGFrET+rOzCarksjGg+aUpMJaPwl?= =?iso-8859-2?Q?wielSLmdSk/qiBdPQGS71/c59rrw5bmOqyr83P2Oc=3D?= Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR03MB2973.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 8f51c596-3587-46e6-518a-08dc5d5a7e95 X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2024 14:44:03.1298 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR03MB6334 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:8075, ipnet:40.80.0.0/12, country:US] X-Rspamd-Queue-Id: 4VJ90k37RJz4jW5 That helped=0A= (I had "quaterly" instead of "latest" in url line of /usr/local/etc/pkg/rep= os/FreeBSD.conf).=0A= Thanks a lot=0A= =0A= =0A= From:=A0owner-freebsd-security@FreeBSD.org on behalf of infoomatic =0A= Sent:=A0Monday, April 15, 2024 16:27=0A= To:=A0freebsd-security@freebsd.org =0A= Subject:=A0Re: cpu-microcode-intel-20231114=0A= =A0=0A= pkg update -f=0A= =0A= refreshes fetches your package catalogue (latest or quarterly - see=0A= /etc/pkg/FreeBSD.conf). After that you should be able to upgrade the=0A= package.=0A= =0A= Regards,=0A= Robert=0A= =0A= =0A= On 15.04.24 16:19, Marek Anio=B3a wrote:=0A= > No, it only shows the old version:=0A= >=0A= >=A0 =A0 ~ # pkg search cpu-microcode-intel=0A= >=A0 =A0 cpu-microcode-intel-20231114 =A0 Intel CPU microcode updates=0A= >=A0 =A0 ~ #=0A= >=0A= > The latest version (20240312) is not available.=0A= >=0A= >=0A= >=0A= > From:=A0Martin Simmons =0A= > Sent:=A0Monday, April 15, 2024 15:56=0A= > To:=A0Marek Anio=B3a =0A= > Cc:=A0freebsd-security@freebsd.org =0A= > Subject:=A0Re: cpu-microcode-intel-20231114=0A= >=0A= >>>>>> On Mon, 15 Apr 2024 09:09:57 +0000, =3D?iso-8859-2?Q?Marek Anio=3DB3= a?=3D said:=0A= >>=0A= >> As of 13 March 2024. "pkg audit" reports the following vulnerabilities i= n FreeBSD 13.3-RELEASE-p1:=0A= >>=0A= >> cpu-microcode-intel-20231114 is vulnerable:=0A= >>=A0 =A0 Intel processors - multiple vulnerabilities=0A= >>=A0 =A0 CVE: CVE-2023-43490=0A= >>=A0 =A0 CVE: CVE-2023-22655=0A= >>=A0 =A0 CVE: CVE-2023-28746=0A= >>=A0 =A0 CVE: CVE-2023-38575=0A= >>=A0 =A0 CVE: CVE-2023-39368=0A= >>=A0 =A0 WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c= 697a616631.html=0A= >>=0A= >> Found 1 issue(s) in 1 installed package(s).=0A= >>=0A= >> The website https://www.freshports.org/sysutils/cpu-microcode-intel/=A0s= hows that an update to the package appeared the day before (2024-03-12), bu= t the BINARY package providing THE UPDATE IS STILL NOT AVAILABLE!=0A= >>=0A= >> Should this be the case?=0A= >> Or, should I update the microcode in some other way?=0A= >=0A= > pkg search cpu-microcode-intel says the latest version is called=0A= > cpu-microcode-intel-20240312.=A0 I don't know why these packages have dat= es in=0A= > their names so they don't upgrade automatically.=0A= =0A= From nobody Fri Apr 19 15:11:51 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VLdR02Kf4z5HD4H for ; Fri, 19 Apr 2024 15:11:56 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Received: from SA9PR09CU002.outbound.protection.outlook.com (mail-southcentralusazlp170120001.outbound.protection.outlook.com [IPv6:2a01:111:f403:c10d::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VLdQz3yrSz4PJs for ; Fri, 19 Apr 2024 15:11:55 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=redcomlaboratories.onmicrosoft.com header.s=selector1-redcomlaboratories-onmicrosoft-com header.b="jsooLCs/"; dmarc=none; spf=pass (mx1.freebsd.org: domain of stephen.wall@redcom.com designates 2a01:111:f403:c10d::1 as permitted sender) smtp.mailfrom=stephen.wall@redcom.com; arc=pass ("microsoft.com:s=arcselector9901:i=1") ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RKmQrzdkoFNdMLpq018NOjPf3mmV+qWHSG5NJMAavflkKLss3H/qJUXDIrKADG9os0CZz27wLMEVipXccDbB/RTBN3A4PI48RvAVR/5eWVp6cqcSUrby/AUED21AJRSwqt0ye//jwatZWD5davrb+2kSn+ByYKi7DM3U+88HjwEQfPeGl2PY0Umue0Vo+E6Q/2qrv+QMQ9XfzrjRYpUv2XGKIyY52ZfNqZubdfexSlXeQnRisEWiI2vxw4hy6dCWuhu9bsQh9EY8QNwOC3otRvZU3P/Dx877h7RO1w28BL2E/JZJ6HYwEuz4I1/2hLRNX09v/encS/NYTM2Vs49ZwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SclUkZJC5rAuTbmLt8f2vub6fw4OuK62AgHI5OD31Cg=; b=dngIhVSTZ5q6TWisYvuLqfba5Xu3Oy9Z26yMhfMKncA2h5e7PcvRXDDhnZWK+vJGZWL5Gn9sN/05YNSi9xOYzhZUHjN5mvgY8DW9VIaziBHNAP5jyHHEX2D4tyykyaWGEB4YkXl8WSf7yF6pRcR501/Iv9qAxhFfAr1k3qNUFsR9OR1dRYwd08SDsX1FbzU6jB0hSV+dlx5q6ktSlCsZONo+guCUbur3ckpe0H0OSJdS44U/CQEA95LoaFSMaAdEmE5RadLcI7xuWssBoKNf+1p+3f7C7gN5t4Iz//SAx//j5EEGvA7QTqc1mumfo6giuAurbBIXgyECuCfdJrDhNg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=redcom.com; dmarc=pass action=none header.from=redcom.com; dkim=pass header.d=redcom.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redcomlaboratories.onmicrosoft.com; s=selector1-redcomlaboratories-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SclUkZJC5rAuTbmLt8f2vub6fw4OuK62AgHI5OD31Cg=; b=jsooLCs/T5IVySUYser0UcPBYFHp7E2TxQrWjeN6NPwMWJFTRPFmCpBI4alTYldDdpIMm+cQiQXI2/7TU2rLABkRgAjHZxjmpzQoIdVJIsesYCdkrTZ+pQv4XWLqR7MRRbAQyAHIazNxzZkPx5Um2ndCnK8PHrZMnmfH5KjsT2ZTArrWRsU5vYr3JAg9u0F2wi/XXeDkn7h0P6OZZHXh9K3ov5CjJfVYiL2MVkDNwSdKPbyeMXO4I6wQyV8YKIojUr4XEV/ZriYETEYQXrx8Xo6AusuW67OHOFex8N9wleCSLWCBrqBqXKtM4PC6nTbevnNAowUTIElWij7byxgKig== Received: from MW4PR09MB9284.namprd09.prod.outlook.com (2603:10b6:303:1f2::12) by SJ0PR09MB6030.namprd09.prod.outlook.com (2603:10b6:a03:26d::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7472.44; Fri, 19 Apr 2024 15:11:51 +0000 Received: from MW4PR09MB9284.namprd09.prod.outlook.com ([fe80::7849:d1ba:7ac7:46e]) by MW4PR09MB9284.namprd09.prod.outlook.com ([fe80::7849:d1ba:7ac7:46e%4]) with mapi id 15.20.7472.037; Fri, 19 Apr 2024 15:11:51 +0000 From: "Wall, Stephen" To: "freebsd-security@freebsd.org" Subject: RE: FreeBSD Security Advisory FreeBSD-SA-24:03.unbound Thread-Topic: FreeBSD Security Advisory FreeBSD-SA-24:03.unbound Thread-Index: AQHagOWRjQu9lqMWJE2hGRCC6LnFwrFv0gWw Date: Fri, 19 Apr 2024 15:11:51 +0000 Message-ID: References: <20240328075102.10441343C@freefall.freebsd.org> In-Reply-To: <20240328075102.10441343C@freefall.freebsd.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR09MB9284:EE_|SJ0PR09MB6030:EE_ x-ms-office365-filtering-correlation-id: 8136667c-5b2e-4fb1-f9d2-08dc60830a7b x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: theee35OdgSOhzCGCIm8Zgw0a8mBxCbTUFQbjsPVaUZsO6O3OVqa7NLnbB3oshdCEBSkm5J2YGXour8J2t1whFnG+VDHokbhcVcQ/nH6S1eVuNnfgNyBz3wNvi2bsPXFDe/r2miicOSzP/da97/fS/kNMD9RhLbDwVsCQ4l/dbvLREhCzlH08QyeWSOGa1yAROgXoWQMp03J8Rl1QWvKbEAQ5O8rpVS9jD4Ct0dFlJm262MIN7YxytpyI3AlORRtMgmH4xgxcqRsgwEHJDvMgYuGndOVhCuR3n8hAzySGP4fP/OviHsDCTwAxTVq0OaS9u8tLI7twyBGsCHKhB0yQAxHy9qsOuFyV8qdaZXMN81QeIkL3Ziak+UXKcVJEFMKwrHfdOyW8o8tzuF77DO2hL+0Xtuzob1ii4FKxa+/18GU06xoZ+pjXACPwvkdQNFUk9H/D/DmRj9iu22zdcf1si1IYmkNtUyy83C6xhXnEeusMSJiyclvvms9zRIvlyeOaP38mdvNSAKAwghxrNd50XbYswR2EIUsVCilAsrHhuW8IAlEVAzKMfr38cFFwpqMROKD2Y5mECL/SiHH99zcKnseGBJSS84FQZ5aPL/hH0jVmGD5U+p7/ZtoHIr4LJHff3esI0WiwY29Q8QrL/03SEmnMhd1CB8b9hzb0pMmv0oC/bR3W7uNDbFjcRSEvuwVBFju4btdOoh4G7/skrYpFHpbKb2iuZKIWgChL76jZNw= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR09MB9284.namprd09.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(41320700004)(366007)(1800799015)(38070700009);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?akY3NHltVk80TWZnSys4dXB0YkZIeWRFT1FrVnVkUVh6VmN5emw0cHdUR2JU?= =?utf-8?B?dlRxTDdCbXMxRTc0cC9NbHVOY3lCY2c3Rk1za2F1R3czUXpwR3AxcC95eHBN?= =?utf-8?B?elNkdER3TEd6aCs1MzhSNnR0YVpNemw4N3M4MXQ2UktrclVzeWhNRDhpQmZq?= =?utf-8?B?ZXZpS0FIL0RZRDJNNHJsczdGeUFiUzhwK1M4OS9HWDdIWSs3QjZua2ZuN1Yy?= =?utf-8?B?eTZOS2JFeUxyTk54UEFtSFVydzd5bjZZRnRoaHgzZGduaVh4OVFnMVVtd014?= =?utf-8?B?NGNrcGFieGJpcXNKdGVrdUY2YkdPM3o5ZTZXUU1qNS9QRmNXU2FnYXk5VnFJ?= =?utf-8?B?NEtzRG93amExclJMTTJEOHA4OUZsSVZ4bWttOEdEYy9xK2RlcS9VcXRucnVi?= =?utf-8?B?ZVYvRS9QYUhVd2FteTA1UWgxYUlOYWlndVFOZmZzTnBTcjdpbEdoTms5M0Z4?= =?utf-8?B?VWhyd1NaN05VbDlYVVBham9hNGR1L3VGd3dMczJaeXRrc2k2cmRDb21QZ2NT?= =?utf-8?B?eVd3bDhORmRJVWtRSFM4UWhGMW5jaWNrVFp6S0ZqMHozdDg3ZnVRUUQwRUdo?= =?utf-8?B?V1cvVllKdGJjZ1RxbTRRbVd1Rkl4QkV4dk5ZQXBYYWtVdC9ib2VyUWtNZDdw?= =?utf-8?B?SFRWaFpFdGgxMUkvd2Q1bm9wZlV5eEl3NjZ0aHM2bk5ndEkwT3BOT1B0NXkr?= =?utf-8?B?d1puWForQ2xiSnkrRkhQVDhWdEYwc1hmQm11dTNhTXNGRTR5eVpMNFFZSVBT?= =?utf-8?B?cE5DWTN0aUozbThzVzhZZ21kWUQ0d1d4UWZHLzQrT0hrb3lQOEJZT290cDc5?= =?utf-8?B?amtpS0E2QlBHTm9Lbms4VlhhUlFFSTJaSWt0ZGZqcVZvSW9PRVpnSWMydlQz?= =?utf-8?B?WEx2em0zbFFzQUFqM0V5NjNxQWg4SjN0VW9iYjF3UEpvYlFZKzVuM0RWNmZP?= =?utf-8?B?aFA4QTJGclREWkJ2V05nN2xub1R6cHl4NTlsbjRaNmNhdHZQQmVlZTVSWGlB?= =?utf-8?B?KzlPa0ZzL1Q4MXZYQ3ArUTRBcWZwVTZOVEV3TnRCc3lrcFl2M0FqUmR3Y21j?= =?utf-8?B?SmFVbGlhT1B4ZHhvbFJvOWlZL09xanRQQ3Z4QzV0V1RGNVNwKzh4UXpoRkFC?= =?utf-8?B?d3A1WW9MVWp5MTlLZlFQNFlrWnlpTHNiaGJXQXB3UHVkNm9FWE5sb2JRSnNU?= =?utf-8?B?Qm9ZQTZoRWRmcHl6ME40c1NsV0xhK3gvdjNSdGw5UlVpSUNncE5BV25saXNK?= =?utf-8?B?RTZZQzk2RUxOcnY0b1dxM3BGTHhnclFPNWd2eXFnSklWTHFMZW5mWXpnTXJJ?= =?utf-8?B?TzA4cUlodWVNaGM2ekhDR0lMZTZsRnlndTZCZzBRM0YwWnoxR1RCMnd2THFk?= =?utf-8?B?Y1I1ZmVNRTBmUlJiblJFTzcvTjR2MGlpRGtYYjkxNHFyK3VWaVMxb0dLZCtI?= =?utf-8?B?VlBlWkVaT1oxSzNzU2U3Z2xjYnF2bFJSQmlpaUVYNXY1Si8rRWtGbWhrS3py?= =?utf-8?B?cjNZM1pkQmhTTVlLZGRhSG9PS3gveDZZTDhkbEdQcEk2VlB4ZENqYzRJbW1v?= =?utf-8?B?ZTlMUk92SS9YMGRBTzNPeGRLUUFWLzBEUEo5cFIzWkE4aVIrcTVlWnFiQURq?= =?utf-8?B?TXJCOXY5K3haa200ZWNMRVgrSUtpVTBtMDcxa3lBc3hrck94clQzNUNMb1N2?= =?utf-8?B?UlpkaW4zaDgrcnNyMWl3cjlkK29ja3dvTFpSV2tUWVBBQ2pmWHVuOVU4aHRP?= =?utf-8?B?TWNmN0kyeXYyVUg5QUczR3RsOHU0TkRtNHFUQ3N5elFLV3RiNjI0UnBiZExW?= =?utf-8?B?ejZlOStyRjlrcVUwZFBiOEd3ZXFvQ1l1LzlBbVpiSG1BcjQ4Mm1YSDZCOXBu?= =?utf-8?B?S0NuWTVuR3pOWlBUdlVyaG5za0IxVy9XNTZ1enk5T1c1WWhsbEM2VU5LbFpK?= =?utf-8?B?Y0syNWZCZDZFYnZTM3lQNTg1a2hQOGRvVXlaUnEway9leVpoNFBIcTZXdWRN?= =?utf-8?B?NTdPYkpNZUtzbExnUmd6Rm9zTU5tY0NNVERIV0wzMy8wTk5PQTRXSFVUZlMw?= =?utf-8?B?Wm1Nd3NYTEtLSE55cWRSMHlFMkFBTW0yT1dZMjY3bWdRbUl3NmJQR09oTnJP?= =?utf-8?Q?i/2U=3D?= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 X-OriginatorOrg: redcom.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR09MB9284.namprd09.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8136667c-5b2e-4fb1-f9d2-08dc60830a7b X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Apr 2024 15:11:51.2014 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 86200ba5-6348-4d6f-bdd7-96f43e8d9247 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR09MB6030 X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.40 / 15.00]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_BASE64_TEXT_BOGUS(1.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_SPF_ALLOW(-0.20)[+ip6:2a01:111:f403:c000::/51]; R_DKIM_ALLOW(-0.20)[redcomlaboratories.onmicrosoft.com:s=selector1-redcomlaboratories-onmicrosoft-com]; MIME_BASE64_TEXT(0.10)[]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; ASN(0.00)[asn:8075, ipnet:2a01:111:f000::/36, country:US]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; DMARC_NA(0.00)[redcom.com]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_EQ_ADDR_ALL(0.00)[]; DKIM_TRACE(0.00)[redcomlaboratories.onmicrosoft.com:+] X-Rspamd-Queue-Id: 4VLdQz3yrSz4PJs PiBGcmVlQlNELVNBLTI0OjAzLnVuYm91bmQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBTZWN1cml0eSBBZHZpc29yeQ0KPiANCj4gVG9waWM6ICAgICAgICAgIE11bHRpcGxlIHZ1 bG5lcmFiaWxpdGllcyBpbiB1bmJvdW5kDQoNClNpbmNlIHVwZ3JhZGluZyB0byBwNiBpbiByZXNw b25zZSB0byB0aGlzIFNBLCB3ZSd2ZSBmb3VuZCB0aGF0IGtpbml0IGhhcyBzdGFydGVkDQpmYWls aW5nIGZvciB1cy4gVGhpcyBsb29rcyB0byBiZSBkdWUgdG8gYWFmMmM3ZmRiOCBbMV0sIHdoZW4g aXQgYXR0ZW1wdHMgdG8gbG9hZA0KdGhlIGxlZ2FjeSBPcGVuU1NMIHByb3ZpZGVyLCB3aGljaCB3 ZSBkbyBub3QgaW5zdGFsbCBvbiBvdXIgc3lzdGVtcy4NCkZ1cnRoZXJtb3JlLCBpdCBsb2FkcyB0 aGUgZGVmYXVsdCBwcm92aWRlciBhcyB3ZWxsLCB3aGljaCB3ZSBzcGVjaWZpY2FsbHkgZG8gbm90 DQpsb2FkIHdoZW4gc3lzdGVtcyBhcmUgY29uZmlndXJlZCBmb3IgRklQUyBvcGVyYXRpb24uDQoN CldoYXQgaXMgb3VyIGV4cG9zdXJlIGlmIHdlIHNpbXBsZSByZXZlcnQgdGhpcyBjb21taXQ/ICBB cmUgdGhlcmUgYW55IENWRSdzDQphc3NvY2lhdGVkIHdpdGggaXQ/ICBJcyB0aGVyZSBhIHdheSB0 byBkaXNhYmxlIHRoZSBjaXBoZXJzIGF0IGJ1aWxkIHRpbWUgdGhhdA0KY2FuIHRyaWdnZXIgdGhl IHNlZ2ZhdWx0cz8NCg0KT3IgYW0gSSBvbiBteSBvd24gcmVzb2x2aW5nIHRoaXMgYmVjYXVzZSB3 ZSBkbyBub3QgdXNlIHRoZSBsZWdhY3kgcHJvdmlkZXIgKEkuZS4NCm5vdCBhIGRlZmF1bHQgc3lz dGVtKT8NCg0KVGhhbmtzIGZvciB5b3VyIGNvbnNpZGVyYXRpb24uDQoNCi0gU3RldmUgV2FsbA0K DQpbMV0gaHR0cHM6Ly9jZ2l0LmZyZWVic2Qub3JnL3NyYy9jb21taXQvP2g9cmVsZW5nLzE0LjAm aWQ9YWFmMmM3ZmRiODFhMWRkOWRlOWZjNzdjOTMxM2Y0ZTYwZTY4ZmE3Ng0K From nobody Fri Apr 19 15:46:42 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VLfCf54dGz5HG9T for ; Fri, 19 Apr 2024 15:47:10 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: from ms11p00im-hyfv17281201.me.com (ms11p00im-hyfv17281201.me.com [17.58.38.39]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4VLfCf2z1Pz4V3G for ; Fri, 19 Apr 2024 15:47:10 +0000 (UTC) (envelope-from gordon@tetlows.org) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tetlows.org; s=sig1; t=1713541627; bh=asVv8NlE7CwZux+iWKAvMTE/ZAC/RsPV5sPa+77mbVY=; h=Content-Type:From:Mime-Version:Subject:Date:Message-Id:To; b=Siv60rF/GnORifT5XZj69MUMDachL6TgLhORXGafingfyJ/dako3dddxyqXA5XhY5 QHcNsfgZ16IfA61tBShusDWs2oTZRl3hjfk84OmuYO4y12lgs34eJlZxCg9XKTuF+g ZIGM0Sh7h62WQBnX8okRj0oUFuHwupW5kPU1+4C5M5VnAU8EM4JfVF4v2d2YkB2gkq hSGldNim++u7WYycduFGel3KgUAhUcJkJAsXfIRB8xRVoGkhxEM+Fu3LP3qVdfyYRV V3EBNi4nY7vqt66RCJVpW0i+8C3jg93E14MhFclBISe6Vx45IAGDHC9kx2wHtyNWbo BOjy2HbfObG7A== Received: from smtpclient.apple (ms11p00im-dlb-asmtpmailmevip.me.com [17.57.154.19]) by ms11p00im-hyfv17281201.me.com (Postfix) with ESMTPSA id 62B00C8057A; Fri, 19 Apr 2024 15:47:06 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Gordon Tetlow List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org Mime-Version: 1.0 (1.0) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-24:03.unbound Date: Fri, 19 Apr 2024 08:46:42 -0700 Message-Id: References: Cc: freebsd-security@freebsd.org In-Reply-To: To: "Wall, Stephen" X-Mailer: iPhone Mail (21E236) X-Proofpoint-GUID: cHJtDbunVwqNWUoTmDFMMeVmYfk3eWBb X-Proofpoint-ORIG-GUID: cHJtDbunVwqNWUoTmDFMMeVmYfk3eWBb X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-19_11,2024-04-19_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 bulkscore=0 adultscore=0 suspectscore=0 clxscore=1030 malwarescore=0 mlxscore=0 phishscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2308100000 definitions=main-2404190119 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:714, ipnet:17.58.32.0/20, country:US] X-Rspamd-Queue-Id: 4VLfCf2z1Pz4V3G You are likely on your own here. I=E2=80=99m surprised the base system kinit ever worked with OpenSSL in FIPS= mode. Given the age of the Heimdal code (and I believe dependence on algori= thms that should be deprecated), I would strongly suggest looking at Kerbero= s in ports as a path forward as they will likely be better supported with mo= dern crypto. Gordon > On Apr 19, 2024, at 08:12, Wall, Stephen wrote: >=20 > =EF=BB=BF >>=20 >> FreeBSD-SA-24:03.unbound Security Advi= sory >>=20 >> Topic: Multiple vulnerabilities in unbound >=20 > Since upgrading to p6 in response to this SA, we've found that kinit has s= tarted > failing for us. This looks to be due to aaf2c7fdb8 [1], when it attempts t= o load > the legacy OpenSSL provider, which we do not install on our systems. > Furthermore, it loads the default provider as well, which we specifically d= o not > load when systems are configured for FIPS operation. >=20 > What is our exposure if we simple revert this commit? Are there any CVE's= > associated with it? Is there a way to disable the ciphers at build time t= hat > can trigger the segfaults? >=20 > Or am I on my own resolving this because we do not use the legacy provider= (I.e. > not a default system)? >=20 > Thanks for your consideration. >=20 > - Steve Wall >=20 > [1] https://cgit.freebsd.org/src/commit/?h=3Dreleng/14.0&id=3Daaf2c7fdb81a= 1dd9de9fc77c9313f4e60e68fa76