From nobody Mon Nov 18 11:48:17 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XsQqm3QrRz5clN4 for ; Mon, 18 Nov 2024 11:48:20 +0000 (UTC) (envelope-from des@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XsQqm2dKgz4Jyv; Mon, 18 Nov 2024 11:48:20 +0000 (UTC) (envelope-from des@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1731930500; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0pG8mXtzatSsEIZqX512wUYu1bTr45/5o5uv4pKrqCo=; b=lmGpJ7y99dE3wMBU5CuHtrjIMGwbIH95vlahunn0qGJAffLXAsyTVTLL3NYljUAZfdjVyb metoMRMxFwXRna1w2DNLMncyOe3JTZJtbjCK/11R6grqKzb4L65JvWu+9YL7hQDci9IWzN sP6r7+szLMB+yLIam6hegce/QWBeobJ2SfzCHiWfqdaZRl66wQuwK1bkOAouD7l02PE03h Aoo+vHIaGd2Ca18i1VdC/RkRl8O+p6kVoN9pl9pAKc7nYc7GRsOf/yX43AwhSvD9sCWL2y cNLNWwJQp+uw30vdpb3AHhWa1JwSQCcYvvPi1OT/kulNXJRby2e3XiTW0tV3jA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1731930500; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0pG8mXtzatSsEIZqX512wUYu1bTr45/5o5uv4pKrqCo=; b=WHS4uouipFp7fOuFxU7RAUnWxgacGizSuy/vlTT9z+tEfremLmsVS2kVW1IBDdce9aUbOy /KfefWxm1xMjLLAI/VIufnkkMf5RQnGVVHxtpjjc4KGNvjtH3c7daHqL64f72kYf/U5/B0 Rx3+7L9yxAiBeu72I+KcS98HGJYBRYm1XBAB+LRungSCQXRa6RScPcaK2pZvS5lBUSNlfS G8rcFArf/znF1W9tLQmzQE09i1+d11ce8CrpR8e2/one26AR5mdLtZXasFrJ2lx0HrkbdX 5fbbAvAhNuXqpDgOcbE12v1ozbF+hLAA0p0KU/mqfUBpPb/nzaROE3DBHkKknw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1731930500; a=rsa-sha256; cv=none; b=fNxXPnQXIursCCj9sSF5sMnvBFnzfxlKGGl4T7Cdpt9uDQBQMp9YWprWyhdayweO0Qb719 Iv5XaZxlxBdVyPNvUUgUDs6yCRIvXuIicG6KoyV4vWBwn2hBUuB/jdvKe0uJJ2fC2NQPJv Zcr1/atGR3aCtpOGVRICA/ZKabTnywZDcoql3Dd1LeG5qVoM2m6B14TbfQrdgsqXGUjCHt 4ClHzUOkkOyZbOwK+RGZF3Us/UtAAv9XMPFaQu6TXmVbq/4JgptSVI7a3wwN5jwkLLMSBt DR0Ah1ys3QujMEkN9mA9lCMoWefG0qi56AyQmRHSRXR2KTw6kjJz6wzhYeQbpw== Received: from ltc.des.dev (88-177-82-251.subs.proxad.net [88.177.82.251]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: des) by smtp.freebsd.org (Postfix) with ESMTPSA id 4XsQqm1N4kzyqH; Mon, 18 Nov 2024 11:48:20 +0000 (UTC) (envelope-from des@freebsd.org) Received: by ltc.des.dev (Postfix, from userid 1001) id 613219CA0; Mon, 18 Nov 2024 12:48:17 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Lasse Kliemann Cc: freebsd-security@freebsd.org Subject: Re: CVE-2024-39281 allegedly not fixed in 14.1 In-Reply-To: <871pzbgvro.fsf@lassekliemann.de> (Lasse Kliemann's message of "Sat, 16 Nov 2024 14:20:43 +0100") References: <871pzbgvro.fsf@lassekliemann.de> User-Agent: Gnus/5.13 (Gnus v5.13) Date: Mon, 18 Nov 2024 12:48:17 +0100 Message-ID: <86wmh0sqym.fsf@ltc.des.dev> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Lasse Kliemann writes: > Since a few days, I see this warning: > > Checking for security vulnerabilities in base (userland & kernel): > Database fetched: 2024-11-15T19:30+00:00 > FreeBSD-kernel-14.1_5 is vulnerable: > FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer > CVE: CVE-2024-39281 > WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1= f29c.html > > The corresponding SA (FreeBSD-SA-24:18.ctl) is from 2024-10-29. Since > I install updates regularly, it should be applied already. Indeed: > > # freebsd-update fetch > ... > No updates needed to update system to 14.1-RELEASE-p6. > > # uname -a > FreeBSD ... 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC amd64 > > What should I do in response to the warning? It's a false positive. The advisory only affected the ctl driver, which is not included in the GENERIC kernel, therefore the kernel itself was not updated and does not reflect the patch level. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@FreeBSD.org From nobody Mon Nov 18 14:37:16 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XsVZr5y0Kz5dB6B for ; Mon, 18 Nov 2024 14:37:24 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Received: from BN8PR09CU001.outbound.protection.outlook.com (mail-eastus2azlp170120005.outbound.protection.outlook.com [IPv6:2a01:111:f403:c110::5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XsVZq2mSVz4dYg for ; Mon, 18 Nov 2024 14:37:23 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=redcom.com header.s=selector1 header.b=auUPzCFG; spf=pass (mx1.freebsd.org: domain of stephen.wall@redcom.com designates 2a01:111:f403:c110::5 as permitted sender) smtp.mailfrom=stephen.wall@redcom.com; dmarc=pass (policy=none) header.from=redcom.com; arc=pass ("microsoft.com:s=arcselector10001:i=1") ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nhVeJ/1dPif481Dz24Cmmnu/dx12MNrmnh8+IjLnIIFsYN08m9PCBcWmcfv+fj40024bhN4M+hCmFkp22H5oasDjcGzxWMUwPeg5Gl829sVsY8WPqD0MUITPF4qQcmnpvSir2Z7cWpDhuTdiCWclK2JCI6ZosDD9o4vPyxwz/lNskBsKD5lBp6Oujmn3QX7PCfAFQPemxSPnK47liPkkQc2vwBmY3xLpJN+T0m6OWIxNeGmh9meHBXatyR7zxaARG7P3VNZrcYIkIKa/yfHcx0UP3t0zCYqkR/GVoFsKveZtKdPY0F34UbPu/2wT0llj8lb6WpZnTdv/hCmY9qMo+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5nLxFgDLMCnbws8cMz/xKLaRdS2/g3NyRs3H+B7tQH0=; b=fUsns4M0Fjtb/66EkcSl9mINOqizARJ7wPjtINgXw3+af7xqVcc9xPWHzvFqRMBe0gxmKIOgrHqva68QOcf8XbFHIsD1GxcvA2Sgkm/toOC3KTURwXTb+k8MPQooyrQMlprY00Je30cmjiQuFzu0H2Uqx76BZZEs25ZGfS5PsnA7Ras8T4CoBdjOibjRkTk42LHaCKZML0r8VIqGtUAwz57m0MllwYEzUGqAo1MFqYk/oqDeO91Xe/Qbu4AUI1NFTN2A+JJhoxgzN4bQ8JKi/ji+R4167z6T+8Kfm2IIHtnjmIpNtGXzzZhgaPxBNsg4424zgRIa+4Zl8eL6Fh8n0Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=redcom.com; dmarc=pass action=none header.from=redcom.com; dkim=pass header.d=redcom.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redcom.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5nLxFgDLMCnbws8cMz/xKLaRdS2/g3NyRs3H+B7tQH0=; b=auUPzCFGRHWjfcNz0cQn8/GsnG9SsPBz6PG6fsKPsyyeOk/0JpR/Nd/Lui8KTTn/Ldwyx+ITSA3vBvs+w4FoNFL21Zb4HhfXj+AJ05Rk3c+pjkyf4o1bCOaJGxL09l05Lo0bjlHGeSCpggRKIqjWvxlpjz6C2lYX7y2QV6A2V1WorcY7lHs5UwqtyHoVXbbSCl5FJmJ4Ni+ScM1jbb/llWxzNmLceOFNZEbHOo/E3YxrW5p1sMPro0up6oDgdw1tOb+rXiCILmsOtV1LGJa6US8KElinEw6nhgUsfFMnrfrl2fUV1lb8aHfTfQhQEIEt9KHLTaRRsP+ZLQEwKE1LaQ== Received: from MW4PR09MB9284.namprd09.prod.outlook.com (2603:10b6:303:1f2::12) by SJ0PR09MB10536.namprd09.prod.outlook.com (2603:10b6:a03:515::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8158.23; Mon, 18 Nov 2024 14:37:17 +0000 Received: from MW4PR09MB9284.namprd09.prod.outlook.com ([fe80::7849:d1ba:7ac7:46e]) by MW4PR09MB9284.namprd09.prod.outlook.com ([fe80::7849:d1ba:7ac7:46e%5]) with mapi id 15.20.8158.023; Mon, 18 Nov 2024 14:37:17 +0000 From: "Wall, Stephen" To: "freebsd-security@freebsd.org" Subject: FreeBSD-SA-24:18.ctl impacted systems Thread-Topic: FreeBSD-SA-24:18.ctl impacted systems Thread-Index: Ads5xkusw/fdlCyfQ4y/lPK1ZbAWgw== Date: Mon, 18 Nov 2024 14:37:16 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR09MB9284:EE_|SJ0PR09MB10536:EE_ x-ms-office365-filtering-correlation-id: a86379c1-8857-4310-6420-08dd07de8021 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|41320700013|366016|8096899003|38070700018; x-microsoft-antispam-message-info: =?utf-8?B?TU1TZCtpNXlCL0FlbE9XcWRkR2FxcXhlUGl1VFRlZXY4ZjhyUVJoYk5sMnE0?= =?utf-8?B?dkRHOFNWVTN1UDAxYlBrNWEzRlpveGFBR0Rtdi9LV2E5NDdGRzZsZENoMlBV?= =?utf-8?B?TFVqNlhQRncwT21Tb0FaWGlHZlJGK2oreU81TUVxcmVMcUU0Nmt3TVZJeThu?= =?utf-8?B?ZkFCd0ZwM0FuS2xDZm02Sm9DY0tCMml5VTBXNmpSbWI1QnVZNUpNbnBGOWNX?= =?utf-8?B?eVgycnp0Y1hDQjR2cmtBaWQweGdVaExIZlZwc3ZnQzdpL3ozczBJRDk0eHRz?= =?utf-8?B?bTB6ZXBKM3pqM1crcU5jM2dCM3NDRTFZWFR4YitaOFF4MVNhbm1oTXgvblkw?= =?utf-8?B?VHVRanF6RUlLLy9WMHJ4c3gxc3NXUmNKZTZyMk9YR2ZOL2h1VHJleXREK1hm?= =?utf-8?B?V2lESklZZjNmdlZRd1lYcXNDL1RnWUxSTVY4OEJScWgydW4vUXRxK0RpNmVr?= =?utf-8?B?WHB4YUtRdDFLb3R3NGFuQlZhcW5vNTYvb0ZsbkdJVXdHTDRHTTZnR2RMbW5l?= =?utf-8?B?WjU3L1hjQzdHSzE3VjRqOXFOY1Vta3F4b3BjV3JMRlRYSDNsY0lVcWw5czIx?= =?utf-8?B?SnlmeW9SV0RCUHpqN1dOWFFXWkNHUmVUTmJwWU5IU1A3bkJueGMxTTV1bi9n?= =?utf-8?B?M1lNQXRCc2w3VDY4SGJQQUlDOTUyZkR1dnZpOWVya0t2am9sdG1EOGhrdmZI?= =?utf-8?B?bEdzRkVMeXBmdTNkUXM3OCtFeVYxWGFYRFd4WmJDWU9mQTZwcm4xcmFPSzht?= =?utf-8?B?Y1Jyams3QkM3ZnBsK3RvQ1Z3R21UMVJRZm55SFNIOG5QR2lRR0NFWW5iKzdO?= =?utf-8?B?YVhGdW5qRFB0VGNxRHA4d2l2Z2tBK1FsK2FBU1o2ZnRWYUp2WS9uaVN5S2l4?= =?utf-8?B?NStJd2N6RHdTdG43VWtqYVRLSHFtQnk4N3YxOTdVSVVUOEgrN2lDYUZsdGpE?= =?utf-8?B?ZGJWZXREb2N6UzVISmJ4Q0RqK3FRQW5uUEdMdGx6K2JFZkpsd0VVbHVTczAy?= =?utf-8?B?UkdPYTgxeVRiWlU1WHJTdWhYa05FTlhUbTl6eEFmVFFGQ3A0bk1qOGxKYkw3?= =?utf-8?B?Rks3Zi9aN2tSN0Uxa2c2VE85Q0g4WG9vaVp2cVdlMTlTNW41R056elZmMlNt?= =?utf-8?B?LzZWeEgzTEt5VEtYR0t6Y1lhUGVJMUgrY1ZlOUlrZkdHelpFaHdLWWhxQzEw?= =?utf-8?B?OHU4SDV1YjNTUnJqajVicXp3WWFBVEEwNXpGVUNpeE9lNXhxMnU5aVpLMkxZ?= =?utf-8?B?QTA4TXVsS1E4Z0lIK0Zyc0wxemJKbjhiVHN4cGs5VGhJdVFpVm9lRUhoOW9p?= =?utf-8?B?SXBMUzlMbllxaXNHZ2wzaE11cGNDelpHTWdMMWFWWGVXblVEL29rT1gxYmVk?= =?utf-8?B?VjFUQzBDa0wxN3pWWGJ3bGp5OXNFWmFMWWZEK0gzcDNoU0hlU2Qwei93K1Ri?= =?utf-8?B?Ukp3alVHdGp3MUd4Nk9WdGpiSmRXZUVobVpteFQxOXREM0NicG9UT2R2ZTdo?= =?utf-8?B?NEJENUVFQmZYUGVGZjhEcnpuZGJmeTJqUk9iZHNndHlOWDBsWlc0T0pXWDdR?= =?utf-8?B?bWdqTDlkYm9UQ1EwdEVLeTBPa1hEbkQ0aFFWTXE5YzVpd21VOE5SbzljcWpx?= =?utf-8?B?TWNsWWo5N2Y5cXRKbWlrdDZEQ3NHWTJIcHA0S2FLZVlRZXpCd3p5SEFldkZ5?= =?utf-8?B?Q1RVZVdOQzVvTitPWk5FbFRwYnBaY2IwM1JnZlNuVDJpL21SSUd2Y1MyWmEw?= =?utf-8?Q?XQHBcswG/zPS5ctKX+PAaFIWXR5XzZXWPTvuudY?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR09MB9284.namprd09.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(41320700013)(366016)(8096899003)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?U00zQjArUVU2OGM1VGh5b29UTm1jT1RzTmhJaU5uZjRyR0hRQkhkeWlxK3pB?= =?utf-8?B?ZkpxTGFDRzhKam15WGNUYzltZGNxcmEveEVYRDJjNHhCSTNoaGtzSVlNQkJ6?= =?utf-8?B?amo1enVzaUhnWmliMXB3WkR1WGRlTk93TXZmQU9lSUNmL3poZ2hkZDNOMG92?= =?utf-8?B?NXhVdDVuT2MreUxUWnRwaWxlbUFGSnBpRDNiTmg5a2pJNm85ckdIU3A2dFpX?= =?utf-8?B?TDVaaXFOcTA4ZEptTnBjWlk5Z0l2OGU3NmV2R205N0R5K0QzSi9RUDRVazhp?= =?utf-8?B?dzVIelN5clU1ckRLdlFydkdzMWt6VW80eDk0WWdBMENIcFJXdUtxK25XSTNM?= =?utf-8?B?WmtPYmNtdDhZRmNzcC9jQzlYUzZTaXAyd1JHUXY2RndhWld2TExXZVJIYmh3?= =?utf-8?B?dnVqZDZjeW5ZQml6Mm54anloU3Q3b2NzWUNENDZkYTBiVU5qUmJLRTRMUXN3?= =?utf-8?B?dlBpbDJvd0dYQ1ExRFlJeWdjOWRqb2tkd0J0ek1PcFI4bUU0aUhJa2VTNDVk?= =?utf-8?B?Q2F6ZndSSGplcVVBTWRuN3I4eGpKOVM4TkcxNW55U2NBQmdCaWd4aWFFaWRU?= =?utf-8?B?SG5iUS9XYkJET0RkUmZ1ZUVTR08wQ01aMWcyd3dWdTFDT3h1cGlHU2QwbXpW?= =?utf-8?B?VGdsNUhVbGNvWHZVZjZ3TUorVEhHVnpMSFVlTkUzVlBhRHNhdkVGdUlLK1Vj?= =?utf-8?B?Qk9KY3krVzBleDNpaXZsa29kcm1KQzRGMFpVb2lXb05nTkVoYTUrcVhrUEMz?= =?utf-8?B?UUMreS9rbW5mN2d1OCtaQnl0TTVFMmZ1VzI1alRrcFJuZWZKQUgza2FJTEQ3?= =?utf-8?B?ejMwam4rS1psUXQ2dWdvSFEySlh6aGFHSXNyUlBPbEw3a1F4Y04vWFpJVWsx?= =?utf-8?B?RnNaOHArbHNOVFpjNjVDNU9HZEVQdWc0YjJSWi9TdDlsMmJhWkdTUFVQSnZS?= =?utf-8?B?Wkhka01vT1dzNDhRaDZTYkdLOFF4d2o4SStackdBL1NpaG1lTThsTFVzcHcv?= =?utf-8?B?SE1SNGhiS3BwV2tlZmVxaTdEVDhBUnBjMklpbnNjZmMwZ2lkaGZxak05TCtx?= =?utf-8?B?QUJRb3hEa0pDRXNBVGc3VDF1aU1EaDQ5THA4amtSWVhXbSs3NkxuRjd1Y0NC?= =?utf-8?B?QVR6UkphUUdlSzJOSjA5YzFRZVRlTUFqTWRSa2svOXBOMzhiRHQ1cEk4VERX?= =?utf-8?B?KzQycHluK0kyZEdmNUxiVU9GRUZKdHMzbEk1ckpMVGZlQTNXaERWNy8vTzRO?= =?utf-8?B?RWlSWWh0U2ZLQVZISzVvNlAyeElCUTlhRXJUaU1PcDVqWjFyQnZGcE0ycE4z?= =?utf-8?B?NTcvYTExVit2R3RPTVFPQXJIOUpEaDhKUVZXQ1F2eHdGQTZCdEMyN0Q2MEFX?= =?utf-8?B?amw5L3VBSS9wWGIxbWVGemE3VEhNbVpsMnFKNUlpTnNKeDQyQWUyRy9DSytM?= =?utf-8?B?NGlrVnJXTUtaOE9tTFlSTDFnd05INFFUWm5FNURFcnJiVkZmNGErNExTa0da?= =?utf-8?B?V0xkWnNuMFhSRnN5SDZzOE91Z25yeDFCZVJZQ0pFVHNtMkZ4SXRvNkJFbWxK?= =?utf-8?B?THMxK1hiQmF5L1o3bDlnMnBKRW1BMTh3bWg0VkRrNFFMZFVtZ2pFcGpFK000?= =?utf-8?B?enk5bXQ5aFA1eXRILzdtSW5vZzJ2N3M2RHQ5U0VScXExSVZHbWNTdDhsdVNV?= =?utf-8?B?Yjc0RUl5UXNzRnNnVC9UU2hVNjROZzlGbnRwMHNTTGVWWVJPSCtlbTl2N25U?= =?utf-8?B?SzZxVWs5SHBZTjlaY2JVZjFESTNpbUpUSllhdkE3eURWYkVpL1ZZZk16M1p0?= =?utf-8?B?dnVqdjh6UnpyMzRTSGJzaFlKMjY3M21iNUV3dnBjWklJaGsyTXhhUnovaitD?= =?utf-8?B?TmdZZ1ZCbklOTmoxbXY5Smc2UkxYUXR3UjJMR3g3UlRTdkE0SkZXb1RHTGpU?= =?utf-8?B?Z0VrdXdHU0wwRTZ2dGhFT3QrZldTSEc5MjdUY0RJcTZ4amFaQnNsaVd5cTE5?= =?utf-8?B?cW5yanJKUjgzL09QV3hJTXNHaUVPdVlxSDRyNEhvdFNocThqLzM0cXJHUXQw?= =?utf-8?B?VGd0RnRrM016YTQxYlE0TTQ1N1VuTHFTajgzanVjSnhkeUtGS2RRTWZuT1A1?= =?utf-8?Q?X+Ec=3D?= Content-Type: multipart/related; boundary="_004_MW4PR09MB928420FD37A426CE88741428EE272MW4PR09MB9284namp_"; type="multipart/alternative" List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 X-OriginatorOrg: redcom.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR09MB9284.namprd09.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: a86379c1-8857-4310-6420-08dd07de8021 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2024 14:37:16.8806 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 86200ba5-6348-4d6f-bdd7-96f43e8d9247 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR09MB10536 X-Spamd-Result: default: False [-4.74 / 15.00]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector10001:i=1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.84)[-0.837]; DMARC_POLICY_ALLOW(-0.50)[redcom.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2a01:111:f403:c000::/51]; R_DKIM_ALLOW(-0.20)[redcom.com:s=selector1]; MIME_GOOD(-0.10)[multipart/related,multipart/alternative,text/plain]; MIME_BASE64_TEXT(0.10)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MISSING_XM_UA(0.00)[]; ASN(0.00)[asn:8075, ipnet:2a01:111:f000::/36, country:US]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~]; FROM_HAS_DN(0.00)[]; RCVD_TLS_LAST(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; TO_DN_EQ_ADDR_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; DKIM_TRACE(0.00)[redcom.com:+] X-Rspamd-Queue-Id: 4XsVZq2mSVz4dYg X-Spamd-Bar: ---- --_004_MW4PR09MB928420FD37A426CE88741428EE272MW4PR09MB9284namp_ Content-Type: multipart/alternative; boundary="_000_MW4PR09MB928420FD37A426CE88741428EE272MW4PR09MB9284namp_" --_000_MW4PR09MB928420FD37A426CE88741428EE272MW4PR09MB9284namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 R29vZCBkYXksIGZvbGtzLg0KDQpJIGFtIHNlZWtpbmcgY2xhcmlmaWNhdGlvbiBvZiBzdGF0ZW1l bnRzIGluIGh0dHBzOi8vd3d3LmZyZWVic2Qub3JnL3NlY3VyaXR5L2Fkdmlzb3JpZXMvRnJlZUJT RC1TQS0yNDoxOC5jdGwuYXNjLg0KU2VjdGlvbiBJSUksIEltcGFjdCBzYXlzIOKAnEEgbWFsaWNp b3VzIGd1ZXN0IGNvdWxkIGNhdXNlIGEgRGVuaWFsIG9mIFNlcnZpY2UgKERvUykgb24gdGhlIGhv c3Qu4oCdDQpEb2VzIHRoaXMgaW1wbHkgdGhhdCBvbmx5IEZyZWVCU0Qgc3lzdGVtcyBhY3Rpbmcg YXMgYSBWaXJ0dWFsaXphdGlvbiBNYW5hZ2VyIGFyZSBpbXBhY3RlZD8gIE9yIGNvdWxkIG90aGVy IFZNIGhvc3RzIGJlIGltcGFjdGVkIGJ5IGEgRnJlZUJTRCBndWVzdD8gIEFuZCBhcmUgYmFyZSBt ZXRhbCBpbnN0YWxsYXRpb25zIGFmZmVjdGVkIGF0IGFsbD8NCkFsc28sIEkgYW0gdW5mYW1pbGlh ciB3aXRoIGN0bGQoOCkg4oCTIGlzIGl0IG9ubHkgdXNlZCB3aXRoIHZpcnR1YWxpemF0aW9uLCBv ciBjb3VsZCBpdCBiZSB1c2VkIGluIHRoZSBhZm9yZW1lbnRpb25lZCBiYXJlIG1ldGFsIEZyZWVC U0QsIGFuZCBmb3Igd2hhdCBwdXJwb3NlPw0KDQpUaGFuayB5b3UuDQpTdGV2ZSBXYWxsDQoNCi0t DQpTdGVwaGVuIFdhbGwNClNlbmlvciBTdGFmZiBTb2Z0d2FyZSBFbmdpbmVlcg0KNTg1LjkyNC43 NTUwDQpbY2lkOmltYWdlMDAxLnBuZ0AwMURCMzk5Qy5GMjlBRTM0MF0NClJFRENPTSBMYWJvcmF0 b3JpZXMsIEluYy48aHR0cHM6Ly93d3cucmVkY29tLmNvbS8+DQpSZXNlYXJjaCwgRW5naW5lZXJp bmcsICYgRGV2ZWxvcG1lbnQgaW4gQ29tbXVuaWNhdGlvbnMNCk9uZSBSZWRjb20gQ2VudGVyLCBW aWN0b3IsIE5ZIDE0NTY0LTA5OTUNCg0K --_000_MW4PR09MB928420FD37A426CE88741428EE272MW4PR09MB9284namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtp ZiAhbXNvXT48c3R5bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7 YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0 I1ZNTCk7fQ0KLnNoYXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwh W2VuZGlmXS0tPjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNl DQoJe2ZvbnQtZmFtaWx5OldpbmdkaW5nczsNCglwYW5vc2UtMTo1IDAgMCAwIDAgMCAwIDAgMCAw O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6 MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7 DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZh bWlseTpBcHRvczt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNvbnNvbGFzOw0KCXBhbm9z ZS0xOjIgMTEgNiA5IDIgMiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1z b05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowaW47DQoJZm9u dC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQXB0b3MiLHNhbnMtc2VyaWY7DQoJbXNvLWxp Z2F0dXJlczpzdGFuZGFyZGNvbnRleHR1YWw7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0K CXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6IzQ2Nzg4NjsNCgl0ZXh0LWRlY29yYXRp b246dW5kZXJsaW5lO30NCnNwYW4uRW1haWxTdHlsZTE5DQoJe21zby1zdHlsZS10eXBlOnBlcnNv bmFsLWNvbXBvc2U7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6 d2luZG93dGV4dDsNCglmb250LXdlaWdodDpub3JtYWw7DQoJZm9udC1zdHlsZTpub3JtYWw7fQ0K Lk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXpl OjExLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFy Z2luOjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpX b3JkU2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZpbml0aW9ucyAqLw0KQGxpc3QgbDANCgl7bXNvLWxp c3QtaWQ6NzQxMTc0MjcwOw0KCW1zby1saXN0LXR5cGU6aHlicmlkOw0KCW1zby1saXN0LXRlbXBs YXRlLWlkczoxOTM3MDM0ODM2IC0xMjQ4NDAwNTg0IDY3Njk4NjkxIDY3Njk4NjkzIDY3Njk4Njg5 IDY3Njk4NjkxIDY3Njk4NjkzIDY3Njk4Njg5IDY3Njk4NjkxIDY3Njk4NjkzO30NCkBsaXN0IGww OmxldmVsMQ0KCXttc28tbGV2ZWwtc3RhcnQtYXQ6MDsNCgltc28tbGV2ZWwtbnVtYmVyLWZvcm1h dDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6LTsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsN Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0K CWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCW1zby1mYXJlYXN0LWZvbnQtZmFt aWx5OkFwdG9zO30NCkBsaXN0IGwwOmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZv bnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0KQGxpc3QgbDA6bGV2ZWwzDQoJe21zby1sZXZlbC1u dW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRh Yi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k ZW50Oi0uMjVpbjsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw0DQoJ e21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJ bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0 Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDA6 bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4 dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRp b246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3 Ijt9DQpAbGlzdCBsMDpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0K CW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2 ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZvbnQtZmFt aWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMDpsZXZlbDcNCgl7bXNvLWxldmVsLW51bWJlci1mb3Jt YXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9u ZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWlu Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDgNCgl7bXNvLWxldmVsLW51 bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJbXNvLWxldmVsLXRhYi1z dG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50 Oi0uMjVpbjsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCkBsaXN0IGwwOmxldmVsOQ0K CXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0K CW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm dDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCm9sDQoJ e21hcmdpbi1ib3R0b206MGluO30NCnVsDQoJe21hcmdpbi1ib3R0b206MGluO30NCi0tPjwvc3R5 bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0 IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDld Pjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRp dCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVh ZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSIjNDY3ODg2IiB2bGluaz0iIzk2NjA3RCIgc3R5 bGU9IndvcmQtd3JhcDpicmVhay13b3JkIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPkdvb2QgZGF5LCBmb2xrcy48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEyLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYi PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss c2Fucy1zZXJpZiI+SSBhbSBzZWVraW5nIGNsYXJpZmljYXRpb24gb2Ygc3RhdGVtZW50cyBpbg0K PGEgaHJlZj0iaHR0cHM6Ly93d3cuZnJlZWJzZC5vcmcvc2VjdXJpdHkvYWR2aXNvcmllcy9GcmVl QlNELVNBLTI0OjE4LmN0bC5hc2MiPmh0dHBzOi8vd3d3LmZyZWVic2Qub3JnL3NlY3VyaXR5L2Fk dmlzb3JpZXMvRnJlZUJTRC1TQS0yNDoxOC5jdGwuYXNjPC9hPi48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPlNlY3Rpb24gSUlJLCBJ bXBhY3Qgc2F5cyDigJxBIG1hbGljaW91cyBndWVzdCBjb3VsZCBjYXVzZSBhIERlbmlhbCBvZiBT ZXJ2aWNlIChEb1MpIG9uIHRoZSBob3N0LuKAnTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+RG9lcyB0aGlzIGltcGx5IHRoYXQgb25s eSBGcmVlQlNEIHN5c3RlbXMgYWN0aW5nIGFzIGEgVmlydHVhbGl6YXRpb24gTWFuYWdlciBhcmUg aW1wYWN0ZWQ/Jm5ic3A7IE9yIGNvdWxkIG90aGVyIFZNIGhvc3RzIGJlIGltcGFjdGVkIGJ5IGEg RnJlZUJTRCBndWVzdD8mbmJzcDsgQW5kIGFyZSBiYXJlIG1ldGFsIGluc3RhbGxhdGlvbnMNCiBh ZmZlY3RlZCBhdCBhbGw/PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OyxzYW5zLXNlcmlmIj5BbHNvLCBJIGFtIHVuZmFtaWxpYXIgd2l0aCBjdGxkKDgpIOKA kyBpcyBpdCBvbmx5IHVzZWQgd2l0aCB2aXJ0dWFsaXphdGlvbiwgb3IgY291bGQgaXQgYmUgdXNl ZCBpbiB0aGUgYWZvcmVtZW50aW9uZWQgYmFyZSBtZXRhbCBGcmVlQlNELCBhbmQgZm9yIHdoYXQg cHVycG9zZT88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LHNhbnMtc2VyaWYiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssc2Fucy1zZXJpZiI+VGhhbmsgeW91LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+U3RldmUgV2FsbDxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTIuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+PG86 cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxk aXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRp dj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2 Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+ DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4N CjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtj b2xvcjpncmF5Ij4tLQ0KPHNwYW4gc3R5bGU9Im1zby1saWdhdHVyZXM6bm9uZSI+PG86cD48L286 cD48L3NwYW4+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LHNhbnMtc2VyaWY7Y29sb3I6Z3JheSI+U3RlcGhlbiBXYWxsPG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtj b2xvcjpncmF5Ij5TZW5pb3IgU3RhZmYgU29mdHdhcmUgRW5naW5lZXI8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOmdyYXkiPjU4NS45MjQuNzU1MDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6Z3JheSI+PGlt ZyBib3JkZXI9IjAiIHdpZHRoPSIyMDAiIGhlaWdodD0iNTYiIHN0eWxlPSJ3aWR0aDoyLjA4MzNp bjtoZWlnaHQ6LjU4MzNpbiIgaWQ9IlBpY3R1cmVfeDAwMjBfMSIgc3JjPSJjaWQ6aW1hZ2UwMDEu cG5nQDAxREIzOTlDLkYyOUFFMzQwIj48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpncmF5Ij48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmdyYXkiPjxh IGhyZWY9Imh0dHBzOi8vd3d3LnJlZGNvbS5jb20vIj48c3BhbiBzdHlsZT0iY29sb3I6Z3JheSI+ UkVEQ09NIExhYm9yYXRvcmllcywgSW5jLjwvc3Bhbj48L2E+PG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpncmF5Ij5SZXNlYXJjaCwgRW5naW5lZXJpbmcs ICZhbXA7IERldmVsb3BtZW50IGluIENvbW11bmljYXRpb25zPG86cD48L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xv cjpncmF5Ij5PbmUgUmVkY29tIENlbnRlciwgVmljdG9yLCBOWSAxNDU2NC0wOTk1PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwv ZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9k aXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rp dj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2 Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+ DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4N CjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rp dj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_MW4PR09MB928420FD37A426CE88741428EE272MW4PR09MB9284namp_-- --_004_MW4PR09MB928420FD37A426CE88741428EE272MW4PR09MB9284namp_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=10286; creation-date="Mon, 18 Nov 2024 14:37:16 GMT"; modification-date="Mon, 18 Nov 2024 14:37:16 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAAMgAAAA4CAYAAAC4yreHAAAABGdBTUEAALGPC/xhBQAACklpQ0NQ c1JHQiBJRUM2MTk2Ni0yLjEAAEiJnVN3WJP3Fj7f92UPVkLY8LGXbIEAIiOsCMgQWaIQkgBhhBAS QMWFiApWFBURnEhVxILVCkidiOKgKLhnQYqIWotVXDjuH9yntX167+3t+9f7vOec5/zOec8PgBES JpHmomoAOVKFPDrYH49PSMTJvYACFUjgBCAQ5svCZwXFAADwA3l4fnSwP/wBr28AAgBw1S4kEsfh /4O6UCZXACCRAOAiEucLAZBSAMguVMgUAMgYALBTs2QKAJQAAGx5fEIiAKoNAOz0ST4FANipk9wX ANiiHKkIAI0BAJkoRyQCQLsAYFWBUiwCwMIAoKxAIi4EwK4BgFm2MkcCgL0FAHaOWJAPQGAAgJlC LMwAIDgCAEMeE80DIEwDoDDSv+CpX3CFuEgBAMDLlc2XS9IzFLiV0Bp38vDg4iHiwmyxQmEXKRBm CeQinJebIxNI5wNMzgwAABr50cH+OD+Q5+bk4eZm52zv9MWi/mvwbyI+IfHf/ryMAgQAEE7P79pf 5eXWA3DHAbB1v2upWwDaVgBo3/ldM9sJoFoK0Hr5i3k4/EAenqFQyDwdHAoLC+0lYqG9MOOLPv8z 4W/gi372/EAe/tt68ABxmkCZrcCjg/1xYW52rlKO58sEQjFu9+cj/seFf/2OKdHiNLFcLBWK8ViJ uFAiTcd5uVKRRCHJleIS6X8y8R+W/QmTdw0ArIZPwE62B7XLbMB+7gECiw5Y0nYAQH7zLYwaC5EA EGc0Mnn3AACTv/mPQCsBAM2XpOMAALzoGFyolBdMxggAAESggSqwQQcMwRSswA6cwR28wBcCYQZE QAwkwDwQQgbkgBwKoRiWQRlUwDrYBLWwAxqgEZrhELTBMTgN5+ASXIHrcBcGYBiewhi8hgkEQcgI E2EhOogRYo7YIs4IF5mOBCJhSDSSgKQg6YgUUSLFyHKkAqlCapFdSCPyLXIUOY1cQPqQ28ggMor8 irxHMZSBslED1AJ1QLmoHxqKxqBz0XQ0D12AlqJr0Rq0Hj2AtqKn0UvodXQAfYqOY4DRMQ5mjNlh XIyHRWCJWBomxxZj5Vg1Vo81Yx1YN3YVG8CeYe8IJAKLgBPsCF6EEMJsgpCQR1hMWEOoJewjtBK6 CFcJg4Qxwicik6hPtCV6EvnEeGI6sZBYRqwm7iEeIZ4lXicOE1+TSCQOyZLkTgohJZAySQtJa0jb SC2kU6Q+0hBpnEwm65Btyd7kCLKArCCXkbeQD5BPkvvJw+S3FDrFiOJMCaIkUqSUEko1ZT/lBKWf MkKZoKpRzame1AiqiDqfWkltoHZQL1OHqRM0dZolzZsWQ8ukLaPV0JppZ2n3aC/pdLoJ3YMeRZfQ l9Jr6Afp5+mD9HcMDYYNg8dIYigZaxl7GacYtxkvmUymBdOXmchUMNcyG5lnmA+Yb1VYKvYqfBWR yhKVOpVWlX6V56pUVXNVP9V5qgtUq1UPq15WfaZGVbNQ46kJ1Bar1akdVbupNq7OUndSj1DPUV+j vl/9gvpjDbKGhUaghkijVGO3xhmNIRbGMmXxWELWclYD6yxrmE1iW7L57Ex2Bfsbdi97TFNDc6pm rGaRZp3mcc0BDsax4PA52ZxKziHODc57LQMtPy2x1mqtZq1+rTfaetq+2mLtcu0W7eva73VwnUCd LJ31Om0693UJuja6UbqFutt1z+o+02PreekJ9cr1Dund0Uf1bfSj9Rfq79bv0R83MDQINpAZbDE4 Y/DMkGPoa5hpuNHwhOGoEctoupHEaKPRSaMnuCbuh2fjNXgXPmasbxxirDTeZdxrPGFiaTLbpMSk xeS+Kc2Ua5pmutG003TMzMgs3KzYrMnsjjnVnGueYb7ZvNv8jYWlRZzFSos2i8eW2pZ8ywWWTZb3 rJhWPlZ5VvVW16xJ1lzrLOtt1ldsUBtXmwybOpvLtqitm63Edptt3xTiFI8p0in1U27aMez87Ars muwG7Tn2YfYl9m32zx3MHBId1jt0O3xydHXMdmxwvOuk4TTDqcSpw+lXZxtnoXOd8zUXpkuQyxKX dpcXU22niqdun3rLleUa7rrStdP1o5u7m9yt2W3U3cw9xX2r+00umxvJXcM970H08PdY4nHM452n m6fC85DnL152Xlle+70eT7OcJp7WMG3I28Rb4L3Le2A6Pj1l+s7pAz7GPgKfep+Hvqa+It89viN+ 1n6Zfgf8nvs7+sv9j/i/4XnyFvFOBWABwQHlAb2BGoGzA2sDHwSZBKUHNQWNBbsGLww+FUIMCQ1Z H3KTb8AX8hv5YzPcZyya0RXKCJ0VWhv6MMwmTB7WEY6GzwjfEH5vpvlM6cy2CIjgR2yIuB9pGZkX +X0UKSoyqi7qUbRTdHF09yzWrORZ+2e9jvGPqYy5O9tqtnJ2Z6xqbFJsY+ybuIC4qriBeIf4RfGX EnQTJAntieTE2MQ9ieNzAudsmjOc5JpUlnRjruXcorkX5unOy553PFk1WZB8OIWYEpeyP+WDIEJQ LxhP5aduTR0T8oSbhU9FvqKNolGxt7hKPJLmnVaV9jjdO31D+miGT0Z1xjMJT1IreZEZkrkj801W RNberM/ZcdktOZSclJyjUg1plrQr1zC3KLdPZisrkw3keeZtyhuTh8r35CP5c/PbFWyFTNGjtFKu UA4WTC+oK3hbGFt4uEi9SFrUM99m/ur5IwuCFny9kLBQuLCz2Lh4WfHgIr9FuxYji1MXdy4xXVK6 ZHhp8NJ9y2jLspb9UOJYUlXyannc8o5Sg9KlpUMrglc0lamUycturvRauWMVYZVkVe9ql9VbVn8q F5VfrHCsqK74sEa45uJXTl/VfPV5bdra3kq3yu3rSOuk626s91m/r0q9akHV0IbwDa0b8Y3lG19t St50oXpq9Y7NtM3KzQM1YTXtW8y2rNvyoTaj9nqdf13LVv2tq7e+2Sba1r/dd3vzDoMdFTve75Ts vLUreFdrvUV99W7S7oLdjxpiG7q/5n7duEd3T8Wej3ulewf2Re/ranRvbNyvv7+yCW1SNo0eSDpw 5ZuAb9qb7Zp3tXBaKg7CQeXBJ9+mfHvjUOihzsPcw83fmX+39QjrSHkr0jq/dawto22gPaG97+iM o50dXh1Hvrf/fu8x42N1xzWPV56gnSg98fnkgpPjp2Snnp1OPz3Umdx590z8mWtdUV29Z0PPnj8X dO5Mt1/3yfPe549d8Lxw9CL3Ytslt0utPa49R35w/eFIr1tv62X3y+1XPK509E3rO9Hv03/6asDV c9f41y5dn3m978bsG7duJt0cuCW69fh29u0XdwruTNxdeo94r/y+2v3qB/oP6n+0/rFlwG3g+GDA YM/DWQ/vDgmHnv6U/9OH4dJHzEfVI0YjjY+dHx8bDRq98mTOk+GnsqcTz8p+Vv9563Or59/94vtL z1j82PAL+YvPv655qfNy76uprzrHI8cfvM55PfGm/K3O233vuO+638e9H5ko/ED+UPPR+mPHp9BP 9z7nfP78L/eE8/stRzjPAAAAIGNIUk0AAHomAACAhAAA+gAAAIDoAAB1MAAA6mAAADqYAAAXcJy6 UTwAAAAJcEhZcwAACxMAAAsTAQCanBgAAAT1aVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8P3hw YWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/PiA8eDp4bXBt ZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSA5LjEt YzAwMSA3OS4xNDYyODk5Nzc3LCAyMDIzLzA2LzI1LTIzOjU3OjE0ICAgICAgICAiPiA8cmRmOlJE RiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMi PiA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9i ZS5jb20veGFwLzEuMC8iIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4x LyIgeG1sbnM6cGhvdG9zaG9wPSJodHRwOi8vbnMuYWRvYmUuY29tL3Bob3Rvc2hvcC8xLjAvIiB4 bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RFdnQ9 Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZUV2ZW50IyIgeG1wOkNy ZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgMjUuMiAoTWFjaW50b3NoKSIgeG1wOkNyZWF0ZURh dGU9IjIwMjMtMTItMDZUMTE6Mzk6MDctMDU6MDAiIHhtcDpNb2RpZnlEYXRlPSIyMDIzLTEyLTA2 VDExOjQzOjM3LTA1OjAwIiB4bXA6TWV0YWRhdGFEYXRlPSIyMDIzLTEyLTA2VDExOjQzOjM3LTA1 OjAwIiBkYzpmb3JtYXQ9ImltYWdlL3BuZyIgcGhvdG9zaG9wOkNvbG9yTW9kZT0iMyIgeG1wTU06 SW5zdGFuY2VJRD0ieG1wLmlpZDpiMDQzNGVlZi1iYjA5LTQ1YzYtODNkMC03NzIwMTAzYmE2NDYi IHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6YjA0MzRlZWYtYmIwOS00NWM2LTgzZDAtNzcyMDEw M2JhNjQ2IiB4bXBNTTpPcmlnaW5hbERvY3VtZW50SUQ9InhtcC5kaWQ6YjA0MzRlZWYtYmIwOS00 NWM2LTgzZDAtNzcyMDEwM2JhNjQ2Ij4gPHhtcE1NOkhpc3Rvcnk+IDxyZGY6U2VxPiA8cmRmOmxp IHN0RXZ0OmFjdGlvbj0iY3JlYXRlZCIgc3RFdnQ6aW5zdGFuY2VJRD0ieG1wLmlpZDpiMDQzNGVl Zi1iYjA5LTQ1YzYtODNkMC03NzIwMTAzYmE2NDYiIHN0RXZ0OndoZW49IjIwMjMtMTItMDZUMTE6 Mzk6MDctMDU6MDAiIHN0RXZ0OnNvZnR3YXJlQWdlbnQ9IkFkb2JlIFBob3Rvc2hvcCAyNS4yIChN YWNpbnRvc2gpIi8+IDwvcmRmOlNlcT4gPC94bXBNTTpIaXN0b3J5PiA8L3JkZjpEZXNjcmlwdGlv bj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PiKEHHYAABhOSURB VHic7Z15lBTV1cB/r6q3mYZBFFERd4m7aEJiPtQMoDlEDSH6SdS4xLglGqsoQEFgcMsMCooUVUqU mLjEGJe4EuKCEPr4GY0xUYNxS4wYxUQi9jAzPdNb1fv+eD3YU9Mz0z0zKDmnf+c0TFe9d6ted933 7rv3vtdCSkmVKlVKo33eN1ClyvZMVUGqVOmFqoJUqdILYrAExRsSGnAecA3QBsxJNdY/Oljyq1T5 PBgUBYk3JI4FlgFHBk6tAWakGuvXD8Z1qlT5rBmQgsQbEnsCi4HTeinmAbcBV6Ya6zcP5HpVqnzW 9EtB4g2JWmA2MAeIBU57gF6iWhK4GlieaqzP9+e6Vap81lSkIPGGhABOR40aowF05EeAAzQANcBS YF9gKvARsByYJRF1vhLzOjAz1Vj/1KC0oEqVbUjZXqx4Q2Ic8H/AvTpytI7M6shFSDlGgwN1ZI0u /f/o0r9Wl/4sXfpZXfq76EhNgzFC+rfrSKkjD9bgyXhD4vF4Q2L/bde0KlUGTp8KEm9I7BpvSPwc eFFHjteRIOVjGhzU0jjhijDy4Ij0zo74HjH8BcmmSc3Jpknv1OAvjeET8b05EenFWpomXqhL/0sa PCukj46cosHr8YbE4nhDou4zaGuVKhXTo4kVb0hEgBnAfA2GCqUYr+kCK9k4cQ3AqPnPCF36z+tS HhVCviqQX/zbdSf4AAfMfWKoh/gbsEsecf+G6yaf3il7p/lrT/OEttiXck+EwENsAuYBd6Qa6/1t 2uIqVSqg5AgSb0hMRc0VrteRQwXyEw1+FEYe2akcAHE/d3adnztqmJ9lBz87vVM5AN667oTWHbzM FcP8LMP83GmHXLHqmM5zm5sm3R/xvQPDyKs06NCRIzW4HXgp3pA4hipVthO6jCDxhsQhgA0cD6Aj PSTLdfyrkk2TksVlx875zZCw9N6K4o0KS+/X626YNi0ofPJl92l5tD/khTYuL7SXM+jjXlo8tcsI sdP8taN9IRZ7iDMAPHVL9wOzU431/xzMxlapUikCIN6Q2BG4FvghBRetjnwaKWe0NE18vVTFYy// dVNM+vMiMp8OSe+gx246e0OpcifPuGu8L7Tn8kInK0IXrr7xO7eXKjd8/trxHtoyBOMKStKB8pYt TjXWtw+0oVWq9AcRb0icB9wIDC8c+7uOnNXSOOHxnip9/bIH9on52TfCMh+NyHzjffYFC3q7yFnT b/1lToS/mxWhTTktNOY3S85sKVVu+Py1mie0cyTieh92KRx+Hzg31Vi/th/tq1JlQIRQUe5Q4f3z GkxqaZyQ7q3SEK/jxpjMRiN+7sOol72+r4sMzbbNyWvhb2f18Mi0jC4ALi9VLtk0yQfurGtYtwrE 74H9gT2ABUCvCmKY1u49yS2BD3wMvAwkXMfudYQyTMsuU25P3Ow69t+L5J0M1JdRLwNsAF4B/uQ6 dnaA94FhWhFgMnAi8CVgH6AWSAObgFeBZ4Bfu47d3A/5UeCkwjXGAXuh4mM54N/AeiABPOg69kdl yjwMOL/Eqb+6jv3TCu/PAvYucepm4D/AGcC7wBZgTxFvSHRZMaUj12swo7lxwpoSQjh1xh0TarzM 72JehqiXPuvmW+f8spwbsy768ZU5LXpNVo/mOkKxQ+5Z9oO/BcuMmrdaZIQ+zRPaIh/29j6dIv0+ 1Vh/dG/yDdM6AvXAV8oW4CZgkevYmR5kD3RV2UTXsdcVybOB6RXKaAEeBG5yHbuk2dsbhmmFgIuB K4BRZVRJATcA1/f0uZSQb6CyK3bpozgohbkbmN+Xohim9W3gkRKn2oHdXMcuaZGUkDMa1eGUyvSY 6Dr2OsO0zi2UORE4oNiLlSjEOA7Tpf/MqHmrH99/7pMHFEuYZv1cj3sdTjyfIp5rfWFItuXecm4M oC6z5YZ4ruW92lxbOJ5L3RQ8f+SclV+pld6zEfz7denvjZR5TQUmtzXDUBnIaw3T2p7jMXWoXnS9 YVo3G6ZVW25Fw7T2Bn6PyngoRzkA4qjUoOcLD1Zv8vcB/oDqaMpRDoAwqj1vGKb1rTLrBKkFzqqg /AWUVo5i/g00ozrbu4sVxAKO0pHP6VISkf6UuJ9/7ejZDy87Yda9OwLU+umLanPth9Xm2uSQbOv0 63/eVHbPeu1dN3YMybTMjudaqc2lvvnDS5ZMBjhlxp2jT5j1q3tifu4PMd87Oup76FKu1IQ4VCCX VND4gTIeuPUzvF5/0YAfAc8ZprVrX4UN0zoYeAH4cg9FNgJ/RLn1S+XIHQms6+lahml9AdWRfbHE aYmaQ74EvI0yGYMMBx4xTOvsXprRGxeXU6gwwpUy07rgOvaTrmO/4jr2r1zHfmirguhIWhonvKjB sVH802qktyEq86FaP2/G/NzfzzZvnV2T77i2Jp+iNtd2d+Odi16stCVX3uM8UJtpeTaea6Mm1770 B5fcdG2tn/lbVObOrJV5YjK/Pox//KaFx32ruXHCW0g50BVd+/TwGg9cT/cv7AzDtI4qQ+5Jvcgu 9XqhD3kPlahzAHAMShmeQD1sxRwBrDZMa2hPQg3TGgE8SfdePYkyhfZ0HXu069hfcR37ENRoeg4Q NH/3Ax42TKtL72uY1jDgt3Qflf4JXALs6jr2nq5jf9l17ANQyjAVeDZQXgN+bpjW13pqSy8capjW +DLKfZNC/mAlhIIHNjdNkpvhgbFzVj4elfnpMT87Pyazw2u89KJYvp3aXDs1mdavLT35jFdqUluI tbcQa91CuKUDPZtDKwqt+Ei8mgjZIbWkh9bRUbsD6fSWEQC+EAf5mr7A00LkROijvNAXpAn9rDjY qAmBj6S/WfmuY2/o4dQGlOnwW+B3dB12z0SZC73xYS+y+0NbD/LeBp4DlhumdThwF0oxOjkUuAX1 UJfiVpSTo5inge+6jt1t6UHBWfELw7QeBO5AJaZ2MhQ1uX2n6NgSlPIU8whwjuvYbSXkdwCPG6a1 EpiJ8p52EgLuMUzrwL6cJiW4CGVC9lWmYrSt/wT6p1cXTUk/e8Opi8Iyv3/Uyz4U9TLE8h1Esm3U ZFr3qWnbMra29ZOx8Y8/HlvzccvYWDY/NooYG4WxMaH+jyDGRjtyY2v/0zw2vnnz2Hjb5rGxVMvu sUwrsVw70Xw7US9zc9TPjvnNkjN/+tziU7oEEYXctlknrmM/C9wXOLxdRvJdx/4LcDRKYYo52zCt /wmWN0zrWOB/A4fXAVNKKUfgWmmUbf8k8AbKszPWdeytylEw3c4LVF0LTCulHAH50nXsJahRrJg9 UBP9vtiCmuR38h3DtIb3VNgwrX2BbxQdakXF2fpEAxBItB466YeXnrsp6mfjYS9DJJ/eHMu1JyId bYlYx5ZETbI5EW1NJ8KIRESIRFSIREyIRBQSsc6/hUiEEYnollSiJtm8tqZ9Sy6WbiOSSxHNZwh7 6dDdzsWtPd7cwM2svgg+cLtt28v1n0LPehrKo1VM8EEDlUdXTBo4q1xXsevYHjANONR17Ptcxw72 VpfSdWjPAN8r1CuXG+hufhqGafX1lTcDjxa9rwG+10v5C+h6r3cDZX0O3UysIGebt54UyrV+I+xl COfTF85+8I5S7rayeJS9pnjR8KRcJEYkUvN+NpzZI+xlL7z44iXLf/KTWd2W5epIPKEVzKxtRtBz 1adL8/PEdeyNhmktR7lrOznRMK1hrmNvATBMawhqnlTMba5jb6zwWiVHAsO0BN1Hp1+4jv1BhfKl YVoLgeKg9O7AV+nbZFqOUuBOLkKlSQXvNUL3yfltlOn92qqppcyZU2bcGQnL/FLdzxHyc2sX3Lu8 38qxevQ+kRBiSbi1g3CmvTWczRwdyqffDvs5PSTzy0pW2sZ72hW+6JMDhzds26sOCj8LvA/T1TQc D0QCZe4axOsfAIwMHLu/n7KeQG3yUUw5k/UEao7WyUEFszLIt+l6r8+5jl32Hgm9jiC69A1N+mN0 3/NCft4CuPXrJ86r2/yv2fGPPiGKICIEMQQxIIogjNI6D8jCo4d98M65ADpM12BMqCNDOJtpNFY9 9P6i73x/pu57v9H8/MTzjZtP/pl7aRcFFEiluGLwjayCR+Z6IOi1Wl1G9fsN0yrLhgVwHfuICm6t HHl/N0zr30Cx6/VgYFXh74MCVZKoaPxgEZQPfff4JXEdO2+Y1vPA1/uQH6wnDdNaQdeJ/g/o7iH7 YeD9bZXc31YFCT6CJ8y6d6TwOq7UpI+Gv+Kau29aD6D5eVfL5y8ViN00IdBRLqAQqhuLFt57ysa7 FuCF0fvukkYu0AAB7+i5rA0w54E7Vl11zswnBf43hPSXTLPueOJB+/tb01x6mheVSyGtIIiOcktO AcYEzrVR3gf4hYHd2aDwPl0VpNiVu1Og7L9cxx7M8XjnwPvmfnieivkw8H5EmfXuBJpQjx3ANMO0 LNexPwYwTOsAYGJR+c2obISy6XEE0aBRQJ1ANiPl1mTEi9Y83Xr/oYfOE8oNiEC8JeA+gUADQoXR pB35xgEfvPMPVYYmAUOFKj/zjJdfLZ4gzRBSHi+k3AfkDOC6ShrQB0srLH9J54f7X0BwrlT8XQY3 0ijpBBkAQfllj6Y9EFSuoPySuI69ueCS7pxPRFCT9c4Ac9C1e1fBQ1c2JRXkq7MfOdL3Oi6QgERc teT2q7u4BaUm7pIqEPRlidxXIn552AfvdMutAnh19L5f7IDzlCye/tbGDV2yhK+5+6Y3rYt+fIsU YjqIeZMvu++up248PdijbGtagYtdxy4rrwz4F2V6QbYhwV62WAmCXq7gfGGgJAPvgyNWpQTb0lxB 3RV0nXBfZJjWTahR5fuBshWZV1CkIMVTdB+xzBeakIjXfaEtD1Y6/S/r5WO772X6kuc9IcKe0thv Abw9er9aDUYW5iBkkcs8ED54vgoOdUOiXS2FdqYUjJCIhcC5AH7/Y4Tl8lfgXuB217E3VVDvRNex X9k2t9Q3hQh20DzcUPT3e4FzexmmNdx17OCD3V+CC9kihmntX5yxXCGH9SG/R1zHftYwrddRczBQ 5u8EVNS8ODay1nXst6mQbrPf/ec+eZovtGN9NDyhzbz9ZrPkHlZTN773gge/9IA8THlh9L6TAdLI mnbky2nku1nku1k4Jo/Eg+Unbtzw11Kylq2Y35wX2gIPjbwQ3ztyzsqvAEgEcmAT9ImB1yuB81lg cYXKsT3wTbon3RVH//8YOKfRNVA2UF6ma59Kf+UbprUHcGDg8EsVignm0F1M98l5v/Lstj59UmiM nLemxkMs8hDkhFj58NJze927Ko+ck5OyPYskC0t/P3rf0OEf/GNzGq5Ko4zkLJIcfJKT8ureZHlC /2le6H/JoeEjnL3nPiUGOnq4jr2u+IUyC4s5kvIit9sNhSDaZYHD76JGQwBcx36TrikhALMG6x4K 6eVBr9XFBbd5pVwaeO9TniexmF/QdR50CsrV3clHdA0slk2X7tkT4vK8EHvl0HI5off5gU7d+N7G PCzMSkkGeVAaeQlAB3J5GvlGWikOWSkXnLhxwye9ybpn2Q88X2jTc0InL7SjPKGd6SHwpUQOkp3l OvbzqA+zmGsLvdh/C3Ppmo8FsKKElyq4tPlLhmkFbfJeMUxrqmFap/cQ2b4z8P5gysiWDcjfF5WM WcyqSkf0wsKu4jhMcHT9mevYOfpBIQ1L4EtGA1d4CHKaZj+3+JSSk+4gmaGxJTnkhqyUZKS85qnd 996p/oN382kpZ6TVsddyyBXlyFq15Lvr8kJ/KCM08kIs8iGOEN3G8gFyOV0nsUMAd3AvMfgYpiUM 07oMaAyc+hCVsBjkVtQKuWJ+YpjWcWVe74uolIxfAa8ZpnVqYIT4Bd2Dqo5hWpPKlL8zKoIeD5wK tq9cftLDcYmayPcLDQrGpGChL0RNHm1TFq3sm5z25pvpjhF1l6cjITLIHTKFBk7euOGpLHJlpiZs Td34Xtl78ebQLs8jMh5ilBTa7Eob1BeF1WtXBw5PNUxr6mBfazAwTCtimNY3UImANwROS+A817G7 uXELvWrQfIwCTxqmdbVhWsEHs/N6WmGkWcenaTgHAfeglkB3ys/SvfevAX5rmJZVWH/RU5uOQ82Z DgmcWuE6dsXLKAr38yJquXCQJ1zHDjotyqa4EYd5EjQh5r27cHJZSxg7Of3V9b++6+jxiVAmU6/n chfet9Nhy0//y/r1bbuNOOesl/7UXImsVxd9891R81Yv8RDzfCkPH+AkvSdclDlQ/AW5hmmt6SsT tcC1hmn1ajIGuL4wL+iJYwzTujNwbCgqcfLQwt+l+JHr2D3OE13Hvt8wrXF0nbOEgKuAHxmm9Sjw PMptHQcORyVDlgqEXuo6dherwnXs3xqm1Yjal7mTKCr+NNswrYeBP6HWutehJuNT6P4zGQAvohbt DYTbUDlaxQxoEdxWBfEQ6ILXfSkfGTlvzQ61Ms8wP8cQmaXOSxP3M8S9DrUeJJ+iNteuMnJzKSLZ DlpzmSv1fDahe3kdKZet+Prup7RqIdyTTtkhF4mRi9SQCcdJh2vpCMXpCNfSHqqlTa+hQ4vSrEVp 1aK0aSHa0ZZ7QrsQ2HlbJLwX0hsuRa0F6WQPVOS/pCs6wJQKL3kn0JuC7Ef3dRW90Qpc4Dr2A2WU nY3K/Alm/I5AZbleUIaMOa5jl9yuCbgSZfPPDRzfje4jTE88D5xUWC8yEO5BbRU1pPD+A9SCrn4T 7J4P9hCbPSGSWaElU1oo2S7CyTYtkkxrkWS7Fku2h2uT7eEhybbI0GR7dFgyFdsx2Vq7U7JlyIhE 29CdaRk2krYdRk5sqds52VY3Itk6ZKdkW+2OyVRseLItWpdMhYcm28PxZHuoNtmux5IZLVKQH06m NT2Z0fSkJ8QHvpQ7D9bkvBQFr1Ywwc4sbP6wvZJH2f6HlKkcnWsvrkCt5Ksomxf4BDjVdezFfcif h8ru/VeF8nOofLgJgxGjKZiavyo6tKLC9PtuaBStQ/YQIASe0MgKjYzQ6RAhOrQIbVqEDj1KSq8h FYqTCg+lLVJHa3QYqZodSNXsSGvtTrTGR9AS35nW+Ahaa0eQqt2RtthwWqLDSIXraA8PIRWObx05 Wgqy27QQ7UInq+IvBCbn2ypqPQu1e0cnOrCijPUInxU+KudqJcr82Mt17HNcx36/UkGuYz+OCi5e Cvy5j+LvAz8G9nMd+6Ey5T+MMs0s4LU+iv8HtYHEga5jzx2M7YyK6DSpPLpnPVdMCJUBuXXjOIlI +sirPcTjGTTQdIQvQVMKpF4aeU0nq4eJelEyfg7dz6PL/MGalKtAIhFjpdBaPKGT18LktTBZPUxa i5LRwmREuKAYEdq1EGnl3tU8oZ3jwxwP0ZmP0/ll9cV6ukZO+6SwtmJX+l4XU5HcEgTnNXPp7igI ki9zPlQ2BRPmFuCWQru/hFpGOwSVD9W5L9bbJRZIlSO/DfVTfMsM0xpVkL8Xan6TQe0Y8hrweoXy V9H1O+ixruvYfy6sLvT72A5oL7rmaZT8rEtuPaq2/+FpHX9msmlSyeh3Kc6/1D1Ck37n3lTDf3rL 9OZy646cv2Z8DrHME9o4icCvbj1aZTugx82rC3tkeTpyeVjKqzYtPK5PG/HUGXd0UZAH7POb+6oz at7q0XmhLc4hzvDQQICHqG5eXWW7oOQsuPDzB0t05H5I0PE/0ZELIsgVHzYd32NMY/Jl9x2hSblV QZ5YckZzT2X3nvtUTUbTL8+iXeELUVPYRfFlD2GmGus/iw3jqlTpk5KT0VRj/WMoj9YVCFo9oe2Y F/otGbSXR85b02MkNqnVsFn/9NUTo+atPq1dhN7Mol3jCa3GQ2ySiAs8xLiqclTZnujTjxpvSOyq wUKBPBcphS5Ak/IxXcqZmxYe94/ismPmPnGE9un+uMPfuu6E5uLzu81/5khPimWeEMd6QsOXMocQ todoTDXWVxScrFLls6DsQEO8ITFORy4DxiMlmhBZXfpLgabNTZNaAXab/8wRokhBPmw6vhlg5Pw1 Iz1Ekw/nS6EJX0oQYqVEzGptrC8r56tKlc+Dfv0MtI7c+jPQSPlvTYi5Ank3Uh5OkYIA7QhhSsQC X8o6hAB4XSJmtlZ/BrrKfwH9ClXHGxK1qBSGOTqyM17xR1RKRWdm6dmoNIQx0Blf4Wpgeaqxvuzk xSpVPk8GlMsRb0jsicow/U4vxTxUEtmVqcb6Xre8rFJle2NQkp3iDYljURHUYJbmWsBKNdaXvVFX lSrbE4OWDRhvSGiozYyvQeU3zU411j86WPKrVPk8EFJu4/09q1T5L2Z7yVqtUmW7pKogVar0QlVB qlTphf8HRR54eXhjetgAAAAASUVORK5CYII= --_004_MW4PR09MB928420FD37A426CE88741428EE272MW4PR09MB9284namp_-- From nobody Tue Nov 19 13:19:50 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Xt4q02gyzz5f1bR for ; Tue, 19 Nov 2024 13:19:56 +0000 (UTC) (envelope-from gabor@zahemszky.hu) Received: from smtp-4-out.integrity.hu (smtp-4-out.integrity.hu [212.52.165.214]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.integrity.hu", Issuer "RapidSSL TLS RSA CA G1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Xt4pz0CK7z4tgq for ; Tue, 19 Nov 2024 13:19:54 +0000 (UTC) (envelope-from gabor@zahemszky.hu) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of gabor@zahemszky.hu designates 212.52.165.214 as permitted sender) smtp.mailfrom=gabor@zahemszky.hu; dmarc=none Received: from webmail.integrity.hu (mail-fe-2.integrity.hu [10.1.64.122]) (Authenticated sender: gabor@zahemszky.hu) by mail-smtp.integrity.hu (Postfix) with ESMTPA id 8ECA340575 for ; Tue, 19 Nov 2024 14:19:50 +0100 (CET) Received: from Ny2VJRTnD/41MWTh1K9Pcdu7KAq3qwvVsnLpIkYbYD7hZ2SohnyEMA== (4F5vC96b3M9Fc9ZqMy+1Oa0rXQMAsuIl) by webmail.integrity.hu with HTTP (HTTP/1.1 POST); Tue, 19 Nov 2024 14:19:50 +0100 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 Date: Tue, 19 Nov 2024 14:19:50 +0100 From: =?UTF-8?Q?Zahemszky_G=C3=A1bor?= To: freebsd-security@freebsd.org Subject: Re: FreeBSD-SA-24:18.ctl impacted systems In-Reply-To: References: Message-ID: X-Sender: gabor@zahemszky.hu Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Result: default: False [-3.27 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.97)[-0.969]; R_SPF_ALLOW(-0.20)[+ip4:212.52.165.212/30]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:28924, ipnet:212.52.165.0/24, country:HU]; MIME_TRACE(0.00)[0:+]; FREEFALL_USER(0.00)[gabor]; MISSING_XM_UA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; R_DKIM_NA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; TO_DN_NONE(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_LAST(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; DMARC_NA(0.00)[zahemszky.hu]; RCVD_IN_DNSWL_NONE(0.00)[212.52.165.214:from] X-Rspamd-Queue-Id: 4Xt4pz0CK7z4tgq X-Spamd-Bar: --- Hi! (Only on ctld: ) You can build an iSCSI SAN from a FreeBSD machine with ctld. Zahy 2024-11-18 15:37 időpontban Wall, Stephen ezt írta: > Good day, folks. > > I am seeking clarification of statements in > https://www.freebsd.org/security/advisories/FreeBSD-SA-24:18.ctl.asc. > > Section III, Impact says “A malicious guest could cause a Denial of > Service (DoS) on the host.” > > Does this imply that only FreeBSD systems acting as a Virtualization > Manager are impacted? Or could other VM hosts be impacted by a > FreeBSD guest? And are bare metal installations affected at all? > > Also, I am unfamiliar with ctld(8) – is it only used with > virtualization, or could it be used in the aforementioned bare metal > FreeBSD, and for what purpose? > > Thank you. > > Steve Wall > > -- > > Stephen Wall > > Senior Staff Software Engineer > > 585.924.7550 > > REDCOM Laboratories, Inc. [1] > > Research, Engineering, & Development in Communications > > One Redcom Center, Victor, NY 14564-0995 > > > > Links: > ------ > [1] https://www.redcom.com/