From owner-freebsd-security@FreeBSD.ORG Tue Apr 24 00:34:13 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 943F9106564A for ; Tue, 24 Apr 2012 00:34:13 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from [127.0.0.1] (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3F5DF8FC0A for ; Tue, 24 Apr 2012 00:34:13 +0000 (UTC) From: Jung-uk Kim To: freebsd-security@freebsd.org In-Reply-To: <201204191402.52216.jkim@FreeBSD.org> References: <20120419125912.GC30970@tolstoy.tols.org> <201204191402.52216.jkim@FreeBSD.org> Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-v5UwDq+aHBPigVIHigWN" Date: Mon, 23 Apr 2012 20:33:42 -0400 Message-ID: <1335227622.53836.6.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.32.1 FreeBSD GNOME Team Port Subject: Re: openssl bug X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Apr 2012 00:34:13 -0000 --=-v5UwDq+aHBPigVIHigWN Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable 2012-04-19, 14:02 -0400, Jung-uk Kim: > On Thursday 19 April 2012 08:59 am, Marco van Tol wrote: > > Hi there, > > > > The following URL was brought to my attention. Figured I should > > forward it to here in case it hasn't been cought yet: > > > > http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/08658 > >5.html >=20 > FYI, I've been maintaining unofficial patchsets for OpenSSL in the=20 > base. My patch is updated to 0.9.8v now, available from here: 0.9.8w was released today and here is my updated patch: http://people.freebsd.org/~jkim/openssl-0.9.8w.diff --=20 Jung-uk Kim --=-v5UwDq+aHBPigVIHigWN Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEABECAAYFAk+V9OYACgkQmlay1b9qnVPm7ACeNWzzwuPLbCgIXVZVzrFZiFYu j4sAn3BuCZdKaR9DmSaHiEZ7MClflr0t =jBcx -----END PGP SIGNATURE----- --=-v5UwDq+aHBPigVIHigWN-- From owner-freebsd-security@FreeBSD.ORG Tue Apr 24 00:34:14 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 895CB106566C for ; Tue, 24 Apr 2012 00:34:14 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from [127.0.0.1] (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3569E8FC12 for ; Tue, 24 Apr 2012 00:34:14 +0000 (UTC) From: Jung-uk Kim To: freebsd-security@freebsd.org In-Reply-To: <201204191402.52216.jkim@FreeBSD.org> References: <20120419125912.GC30970@tolstoy.tols.org> <201204191402.52216.jkim@FreeBSD.org> Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-fD2HUSPE33Ce2egVx/ST" Date: Mon, 23 Apr 2012 20:34:12 -0400 Message-ID: <1335227652.53836.7.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.32.1 FreeBSD GNOME Team Port Subject: Re: openssl bug X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Apr 2012 00:34:14 -0000 --=-fD2HUSPE33Ce2egVx/ST Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable 2012-04-19, 14:02 -0400, Jung-uk Kim: > On Thursday 19 April 2012 08:59 am, Marco van Tol wrote: > > Hi there, > > > > The following URL was brought to my attention. Figured I should > > forward it to here in case it hasn't been cought yet: > > > > http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/08658 > >5.html >=20 > FYI, I've been maintaining unofficial patchsets for OpenSSL in the=20 > base. My patch is updated to 0.9.8v now, available from here: 0.9.8w was released today and here is my updated patch: http://people.freebsd.org/~jkim/openssl-0.9.8w.diff --=20 Jung-uk Kim --=-fD2HUSPE33Ce2egVx/ST Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEABECAAYFAk+V9QQACgkQmlay1b9qnVPXFwCgn+38e3VWNthNEXEtB3Gpgbt+ kDQAoIY9wmUW6ezta/6lC544pSm0FHRO =QRxH -----END PGP SIGNATURE----- --=-fD2HUSPE33Ce2egVx/ST-- From owner-freebsd-security@FreeBSD.ORG Sat Apr 28 21:24:14 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 86F7A106572F for ; Sat, 28 Apr 2012 21:24:14 +0000 (UTC) (envelope-from krichy@tvnetwork.hu) Received: from krichy.tvnetwork.hu (unknown [IPv6:2a01:be00:0:2::10]) by mx1.freebsd.org (Postfix) with ESMTP id 1904F8FC16 for ; Sat, 28 Apr 2012 21:24:13 +0000 (UTC) Received: by krichy.tvnetwork.hu (Postfix, from userid 1000) id 203C820FE7; Sat, 28 Apr 2012 23:24:06 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by krichy.tvnetwork.hu (Postfix) with ESMTP id 163FB2025A for ; Sat, 28 Apr 2012 23:24:06 +0200 (CEST) Date: Sat, 28 Apr 2012 23:24:06 +0200 (CEST) From: Richard Kojedzinszky To: freebsd-security@freebsd.org Message-ID: User-Agent: Alpine 2.02 (DEB 1266 2009-07-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII Subject: mac_mls X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Apr 2012 21:24:14 -0000 Dear fbsd team, I am using 9.0, and found that running atop, and exiting from it when the kernel is compiled with MAC_MLS (or the module is loaded), then a panic raises, I think the following patch could fix it (as in mac_biba); --- sys/security/mac_mls/mac_mls.c.orig 2012-04-28 23:19:45.000000000 +0200 +++ sys/security/mac_mls/mac_mls.c 2012-04-28 23:20:13.000000000 +0200 @@ -2028,6 +2028,9 @@ if (!mls_enabled) return (0); + if (vplabel == NULL) + return (0); + subj = SLOT(cred->cr_label); obj = SLOT(vplabel); Regards, Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt. From owner-freebsd-security@FreeBSD.ORG Sat Apr 28 21:27:47 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3B339106564A for ; Sat, 28 Apr 2012 21:27:47 +0000 (UTC) (envelope-from krichy@tvnetwork.hu) Received: from krichy.tvnetwork.hu (unknown [IPv6:2a01:be00:0:2::10]) by mx1.freebsd.org (Postfix) with ESMTP id ECC158FC1C for ; Sat, 28 Apr 2012 21:27:46 +0000 (UTC) Received: by krichy.tvnetwork.hu (Postfix, from userid 1000) id 3EC4C20FE7; Sat, 28 Apr 2012 23:27:46 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by krichy.tvnetwork.hu (Postfix) with ESMTP id 3A7242025A for ; Sat, 28 Apr 2012 23:27:46 +0200 (CEST) Date: Sat, 28 Apr 2012 23:27:46 +0200 (CEST) From: Richard Kojedzinszky To: freebsd-security@freebsd.org In-Reply-To: Message-ID: References: User-Agent: Alpine 2.02 (DEB 1266 2009-07-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Re: mac_mls X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Apr 2012 21:27:47 -0000 I forgot to mention that for 8.3 the code is still the same, so it seemts to crash there as well. regards, Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt. On Sat, 28 Apr 2012, Richard Kojedzinszky wrote: > Date: Sat, 28 Apr 2012 23:24:06 +0200 (CEST) > From: Richard Kojedzinszky > To: freebsd-security@freebsd.org > Subject: mac_mls > > Dear fbsd team, > > I am using 9.0, and found that running atop, and exiting from it when the > kernel is compiled with MAC_MLS (or the module is loaded), then a panic > raises, I think the following patch could fix it (as in mac_biba); > > --- sys/security/mac_mls/mac_mls.c.orig 2012-04-28 23:19:45.000000000 +0200 > +++ sys/security/mac_mls/mac_mls.c 2012-04-28 23:20:13.000000000 +0200 > @@ -2028,6 +2028,9 @@ > if (!mls_enabled) > return (0); > > + if (vplabel == NULL) > + return (0); > + > subj = SLOT(cred->cr_label); > obj = SLOT(vplabel); > > Regards, > > Kojedzinszky Richard > Euronet Magyarorszag Informatikai Zrt. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > From owner-freebsd-security@FreeBSD.ORG Sat Apr 28 23:39:19 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 73A3B1065670 for ; Sat, 28 Apr 2012 23:39:19 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 29AA38FC15 for ; Sat, 28 Apr 2012 23:39:19 +0000 (UTC) Received: by vcmm1 with SMTP id m1so1757984vcm.13 for ; Sat, 28 Apr 2012 16:39:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=gXXR1+YwJjL7ezQfCnT+nyDDDqlXMhl3mRjCokl+Nnc=; b=eKC7q0hKDZ/Mwe98sOmto5YOskXD7s4Onug1+aX26t23ew40/VbqNWlVR3k1etT0Nz W//87BRGmWeqAPLwmJOF8dlpMlq9xYmuvzzdOsY/dKhJL2w9aL+ZV1tEcIqPvRKE73US /nBIWRaX9/K2iMMePAJA7awz9U0V905cuuc6aZ75RRmOcCUVvBIslO8rcuWxLgg7xzkc PnzOtV2OaFscOuXB6z2T8ZwFyDhGacq/+tcLLWU9EizbLPBwb4El83RyITjBW8rg3Kbs Cf12x8+jEu8i67u9oYMifooSQ+OJB92AXiYAozhJAILECTs8c7tjwPy7O2gmS0meyipI gqBw== MIME-Version: 1.0 Received: by 10.52.95.42 with SMTP id dh10mr10546330vdb.37.1335656358176; Sat, 28 Apr 2012 16:39:18 -0700 (PDT) Received: by 10.52.66.239 with HTTP; Sat, 28 Apr 2012 16:39:18 -0700 (PDT) Date: Sat, 28 Apr 2012 19:39:18 -0400 Message-ID: From: Robert Simmons To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: OpenSSL and Heimdal X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Apr 2012 23:39:19 -0000 Is there a plan to update OpenSSL to patch for CVE-2012-2131? Also, is the DOS vulnerability in libkrb5 that Heimdal 1.5.2 patches present in Heimdal 1.1 which shipped with 9.0-RELEASE?