From owner-freebsd-security@freebsd.org Sat Nov 18 21:56:10 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D3F65DDD869 for ; Sat, 18 Nov 2017 21:56:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C182C7F269 for ; Sat, 18 Nov 2017 21:56:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id vAILuAJl092083 for ; Sat, 18 Nov 2017 21:56:10 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-security@FreeBSD.org Subject: [Bug 223732] mmap(2) causes unkillable denial of service with specific flags Date: Sat, 18 Nov 2017 21:56:10 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: op@hardenedbsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-security@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Mailman-Approved-At: Sun, 19 Nov 2017 00:01:54 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Nov 2017 21:56:10 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223732 --- Comment #2 from op@hardenedbsd.org --- op@opn op# procstat -kk 83681 PID TID COMM TDNAME KSTACK=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 83681 100141 dos - vm_map_findspace+0x5f vm_map_find+0x162 vm_map_find_min+0x4b vm_mmap_object+0x34b kern_mmap+0x57d sys_mmap+0x2a amd64_syscall+0x749 Xfast_syscall+0xfb=20 op@opn op# procstat -kk 83681 PID TID COMM TDNAME KSTACK=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 83681 100141 dos - vm_map_find+0x162 vm_map_find_min+0x4b vm_mmap_object+0x34b kern_mmap+0x57d sys_mmap+0x2a amd64_syscall+0x749 Xfast_syscall+0xfb --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-security@freebsd.org Sun Nov 19 10:40:34 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BFF21DF17F6 for ; Sun, 19 Nov 2017 10:40:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AD7F973537 for ; Sun, 19 Nov 2017 10:40:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id vAJAeX1C071616 for ; Sun, 19 Nov 2017 10:40:34 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-security@FreeBSD.org Subject: [Bug 223732] mmap(2) causes unkillable denial of service with specific flags Date: Sun, 19 Nov 2017 10:40:33 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: remko@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: kib@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Mailman-Approved-At: Sun, 19 Nov 2017 12:03:06 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Nov 2017 10:40:34 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223732 Remko Lodder changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-security@FreeBSD.or |kib@FreeBSD.org |g | CC| |secteam@FreeBSD.org --- Comment #3 from Remko Lodder --- Dear Kib, Can you please have a look at this and see how we can fix this. While causing an outage and such, this is probably not a security issue on itself. There are multiple ways to "turn off" a local system by forkbombing= the system etc, which does not classify as a SA. If you think that this should = be different, please email us with that and we'll toss it in the group for discussion :-) Thanks, Remko --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-security@freebsd.org Tue Nov 21 04:02:06 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 55AD4DDD4D8 for ; Tue, 21 Nov 2017 04:02:06 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3A8E07CCC3; Tue, 21 Nov 2017 04:02:06 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id 966B510346; Tue, 21 Nov 2017 04:02:05 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-17:08.ptrace [REVISED] Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20171121040205.966B510346@freefall.freebsd.org> Date: Tue, 21 Nov 2017 04:02:05 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2017 04:02:06 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:08.ptrace Security Advisory The FreeBSD Project Topic: Kernel data leak via ptrace(PT_LWPINFO) Category: core Module: ptrace Announced: 2017-11-15 Credits: Ilja van Sprundel John Baldwin Affects: All supported versions of FreeBSD. Corrected: 2017-11-10 12:28:43 UTC (stable/11, 11.1-STABLE) 2017-11-15 22:39:41 UTC (releng/11.1, 11.1-RELEASE-p4) 2017-11-15 22:40:15 UTC (releng/11.0, 11.0-RELEASE-p15) 2017-11-10 12:31:58 UTC (stable/10, 10.4-STABLE) 2017-11-15 22:40:32 UTC (releng/10.4, 10.4-RELEASE-p3) 2017-11-15 22:40:46 UTC (releng/10.3, 10.3-RELEASE-p24) CVE Name: CVE-2017-1086 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . 0. Revision history v1.0 2017-11-15 Initial release. v1.1 2017-11-20 Corrected credit. Ilja van Sprundel first reported this issue to the project, but wasn't cited. The FreeBSD Security Team apologizes to Ilja for this oversight. I. Background The ptrace(2) syscall provides the facility for a debugger to control the execution of the target process and to obtain necessary status information about it. The struct ptrace_lwpinfo structure is reported by one of the ptrace(2) subcommand and contains a lot of the information about the stopped thread (light-weight process or LWP, thus the name). II. Problem Description Not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. III. Impact Some bytes from the kernel stack of the thread using ptrace(PT_LWPINFO) call can be observed in userspace. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterward, reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Afterward, reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-17:08/ptrace.patch # fetch https://security.FreeBSD.org/patches/SA-17:08/ptrace.patch.asc # gpg --verify ptrace.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r325643 releng/10.3/ r325871 releng/10.4/ r325870 stable/11/ r325642 releng/11.0/ r325869 releng/11.1/ r325868 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloToMpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auf4EhAAkPiaUsEFju752S8RMKCC5LZtNMr++65TeX2I+QbvqR7jpcg8UhrVhonJ 0B/tEvaFcgYg8XjtHcRUMc5UzXRnZRu/a9+AzD2WbdZz/VqQSPVN1pAILXnYiZV4 SbmbKoavKzzQyXD9HTiElWCaOSau1dZYJj9CkhMarN63H5A+PNSD+v2TOcsK7S9h Yvt4EYjq64CNO7BYY9vIUQEZkJfaoh2lLTOQYbaAgNbEa1+V4l7Kctzx0HpfrvmP GyUyuvyIsBrtQA9xOYdhiet4qiORTNgVEsZc5k5mnpvvOOAyC5Ela/pqIM6VBmgv 9PS3RZkoEFblcJWbDb48sNfqVxXxG7NHMsun5YXA0eglmNQC/+pwibUZeJ4sTPLd 3qkm1uPxmHJPvp6zu/uVJSc+f8uJtMl7i2XmNVg0bdzzvcNkiCYR6TdhqZbDlJ+s BjgSVjY5tH83t9F8yaenKBrtHLk3ybwKBMQ/T/nwfBnZtUtN6n3EHTWZxrroilCB ein8XGKu4G2NuPcnY8X4Yn13LWHe/b46tj1nkvp+qkb+tN9tg7rsueoyJqLdM3k2 /KxAPKNgAgP05r7hIgJGEtblTaxvLIP+RvkuyRW9B0XSxfYUNPd9anIOQTMCTm3L WFSYxQaW823LiKA3DvC7rw+8k9Jmcc7dVXaN1pwQMAroAxGhBM0= =E16f -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Tue Nov 21 04:02:36 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 71140DDD5DF for ; Tue, 21 Nov 2017 04:02:36 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 529FF7D010; Tue, 21 Nov 2017 04:02:36 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id AC99C104C2; Tue, 21 Nov 2017 04:02:35 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat [REVISED] Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20171121040235.AC99C104C2@freefall.freebsd.org> Date: Tue, 21 Nov 2017 04:02:35 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2017 04:02:36 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:10.kldstat Security Advisory The FreeBSD Project Topic: Information leak in kldstat(2) Category: core Module: kernel Announced: 2017-11-15 Credits: Ilja van Sprundel TJ Corley Affects: All supported versions of FreeBSD. Corrected: 2017-11-15 22:34:15 UTC (stable/11, 11.1-STABLE) 2017-11-15 22:49:47 UTC (releng/11.1, 11.1-RELEASE-p4) 2017-11-15 22:50:20 UTC (releng/11.0, 11.0-RELEASE-p15) 2017-11-15 22:35:16 UTC (stable/10, 10.4-STABLE) 2017-11-15 22:50:47 UTC (releng/10.4, 10.4-RELEASE-p3) 2017-11-15 22:51:08 UTC (releng/10.3, 10.3-RELEASE-p24) CVE Name: CVE-2017-1088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . 0. Revision history v1.0 2017-11-15 Initial release. v1.1 2017-11-20 Corrected credit. Ilja van Sprundel first reported the issue to the project, but wasn't cited. The FreeBSD Security Team apologizes to Ilja for this oversight. I. Background The kldstat(2) syscall provides information about loaded kld files. The syscall takes a userland argument of struct kld_file_stat which is then filled with data about the kld file requested. II. Problem Description The kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. III. Impact Some bytes from the kernel stack can be observed in userspace. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterward, reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Afterward, reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-17:10/kldstat.patch # fetch https://security.FreeBSD.org/patches/SA-17:10/kldstat.patch.asc # gpg --verify kldstat.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r325867 releng/10.3/ r325878 releng/10.4/ r325877 stable/11/ r325866 releng/11.0/ r325876 releng/11.1/ r325875 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloToOxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P audl/RAAkPqcGvCMAHucBtZH2sySvM/1L1NTl0I61eJaDqgnjooo3hRq5J/dlNlt zo48o2W0EOnr8QWJhVg1oADY5qxBVm8RldpAH1Y7lU1Pk1gw6buTvmlat9Y0TaRm i3WCYe/yzC9X50x12dSu2QCeir+HDHrHB72KQDxPJak21e8BKq8vSq4cV3+K32IF MmC0yTkwXM7JJti1wkztiNSwvcCT5cI0EOZrHxDOJk57zhmuUw3t+42mr4uZhLpd Um/Hmqt3TS1LlL/swCcayeJGI5lrnfnIMZEUJj9aJZcRry6xrtaeppvgm3rP8Bym IYBipTU16MGVU6PEdpxXZCkmhzrb5XkAHNnRbod/Ye4g5a+3tWeaivjxbrNRsJyc 7HkuvW41LX1+hJ2DJ/IJGKhz0yP+7//pXNJIkcF1iKOVnVIxz+49KPjj3ZHYhGu2 oI/w4EMTd4ODXmE+bZkwGGm3nbxlH3AIZmBL2x1MdmfO/NjUlB3tYupZ7K/wR/PD V0OdrZTua7EpYSUDg04xuNkkxRwFMIVQ3XtE1HNCuV0BtQqZOcecKh9Alci5ZT6n r+F3HhFthNsafwdXLka5zDev/qtSSxggZ75fj+BxPfCoQZSlYkegFg/9K1hXlE+c H22TsCXMpLokZUKj2XKJQ8RsEZQ5Yr6wEFjsWHoeK5CPh/DyAYE= =dgLX -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Tue Nov 21 06:06:07 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3CCC4DE367D for ; Tue, 21 Nov 2017 06:06:07 +0000 (UTC) (envelope-from franco@lastsummer.de) Received: from host64.shmhost.net (host64.shmhost.net [IPv6:2a01:4f8:a0:51d7::103:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 05A7C1270 for ; Tue, 21 Nov 2017 06:06:07 +0000 (UTC) (envelope-from franco@lastsummer.de) Received: from [IPv6:2001:470:25:233:8c1f:170d:7e74:c37f] (unknown [IPv6:2001:470:25:233:8c1f:170d:7e74:c37f]) by host64.shmhost.net (Postfix) with ESMTPSA id A52F8160D62 for ; Tue, 21 Nov 2017 07:06:03 +0100 (CET) From: Franco Fichtner Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: freebsd-update EoL "warning" prevents installing latest SAs Message-Id: Date: Tue, 21 Nov 2017 07:06:02 +0100 To: freebsd-security X-Mailer: Apple Mail (2.3273) X-Virus-Scanned: clamav-milter 0.99.2 at host64.shmhost.net X-Virus-Status: Clean X-Spam-Flag: NO X-Spam-Score: -1.0 X-Spam-Status: No score=-1.0 tagged_above=10.0 required=10.0 tests=[ALL_TRUSTED] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2017 06:06:07 -0000 Hi, I have two systems running 11.0-p12, freebsd-update fetches the updates for 11.0-p15, displays all file changes but bails at the last second, skipping install, telling that the release is EoL: = https://github.com/freebsd/freebsd/blob/master/usr.sbin/freebsd-update/fre= ebsd-update.sh#L2011 Changing the return value to 0 seems to fix that, it's probably better to install these updates despite the EoL... Cheers, Franco= From owner-freebsd-security@freebsd.org Tue Nov 21 06:31:58 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 29E22DE46D9 for ; Tue, 21 Nov 2017 06:31:58 +0000 (UTC) (envelope-from kitchetech@gmail.com) Received: from mail-lf0-x236.google.com (mail-lf0-x236.google.com [IPv6:2a00:1450:4010:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A0E812177 for ; Tue, 21 Nov 2017 06:31:57 +0000 (UTC) (envelope-from kitchetech@gmail.com) Received: by mail-lf0-x236.google.com with SMTP id x68so12805493lff.0 for ; Mon, 20 Nov 2017 22:31:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Cx7NFaT0lpUmYXPOyUZ3vXOJJvAGaDQpOxevH3QdTKQ=; b=HoBs0cUEPu2VQ1hDqALBmrTRR2rrLFbz+JFGidL1AcK8L93WNLMNQmtO4ENcXJutK0 ++nKHlKz09doW3qmFArljA9bbhtc3VS89WjZ/DbIxjQMgXwsKBIso0t/RBAHcLCddJgb LxIOQmcOrKy4n+4arsm5FT8+raXCrW96lA0H42hG4ExpSo1NP2yDKfUWiPFiuYbmDfyc XO7Pw3ZE0q9YVJIC4CTb11210lcooPZyZ7ePLelaIABc0jriBWWgG3+dxPCmb/FlJCs5 Kqm9ERB8VgX0FjLaOTMF4FaIMYYATByUJV/ll/ameTnpSWwDTsHjg+fV8OHSYX6jXAkz nRgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Cx7NFaT0lpUmYXPOyUZ3vXOJJvAGaDQpOxevH3QdTKQ=; b=JnQ3lKxdM/XguShNnJF7O1khKZFCivOdSS78hbBQRRpYgnVXqdS/4AeqO8Vf7Kgnlp XN6pXdpQV2zmZgXIpvctq4WRDAQffXggXQDODnLzK1XRZhkEw3HEqfuKAUYc+yd5Muet 2RMrXYiIEOBUFf6oRxGBuCQRcaspnbQ4zdCOwVOwGp2wq0fk33boJxfRb1rSIej5/avY 6iTQYytCUMUZc0ykap/x/d4kvgJ8qmvsu8/1xNC2+Ji2rL/+7oQQPOzy4S89U6+9NJOg f+sQ/HfnyO+Sltq+pHMv67HCKRsdEk6YabdjeQ/epXlZEwv8F8R9wA85ET7ZrjYAJuFG bwcA== X-Gm-Message-State: AJaThX49M+7W44krzWVenpqmQDF8HwEHjgVk0pZQXI/Hpseg0CZYuQCw TdcC8oyf7D5yoiANOIsAoJa5RA47fhPP6wfnpNU= X-Google-Smtp-Source: AGs4zMbkx4FuCHmSxxQO2M0rXwDxQ7xAJmrgrV7Jz4saLzBC/Qt3X3A8bln+SjpVhUyFZh/ITWHW74e8vku+4zlDDDw= X-Received: by 10.25.233.83 with SMTP id g80mr1616199lfh.165.1511245915510; Mon, 20 Nov 2017 22:31:55 -0800 (PST) MIME-Version: 1.0 Received: by 10.25.155.65 with HTTP; Mon, 20 Nov 2017 22:31:54 -0800 (PST) Received: by 10.25.155.65 with HTTP; Mon, 20 Nov 2017 22:31:54 -0800 (PST) In-Reply-To: References: From: User Date: Tue, 21 Nov 2017 00:31:54 -0600 Message-ID: Subject: Re: freebsd-update EoL "warning" prevents installing latest SAs To: Franco Fichtner Cc: freebsd-security Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2017 06:31:58 -0000 The updates install fine here even if the eol warning is showing. The uname only updates if the kernel updates for patch levels. On Nov 21, 2017 12:06 AM, "Franco Fichtner" wrote: > Hi, > > I have two systems running 11.0-p12, freebsd-update > fetches the updates for 11.0-p15, displays all file > changes but bails at the last second, skipping install, > telling that the release is EoL: > > https://github.com/freebsd/freebsd/blob/master/usr.sbin/ > freebsd-update/freebsd-update.sh#L2011 > > Changing the return value to 0 seems to fix that, it's > probably better to install these updates despite the > EoL... > > > Cheers, > Franco > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > From owner-freebsd-security@freebsd.org Tue Nov 21 06:36:32 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6065ADE4933 for ; Tue, 21 Nov 2017 06:36:32 +0000 (UTC) (envelope-from franco@lastsummer.de) Received: from host64.shmhost.net (host64.shmhost.net [IPv6:2a01:4f8:a0:51d7::103:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2A1C424A2 for ; Tue, 21 Nov 2017 06:36:32 +0000 (UTC) (envelope-from franco@lastsummer.de) Received: from [192.168.10.2] (095-097-023-077.static.chello.nl [95.97.23.77]) by host64.shmhost.net (Postfix) with ESMTPSA id 5512016903E; Tue, 21 Nov 2017 07:36:30 +0100 (CET) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: freebsd-update EoL "warning" prevents installing latest SAs From: Franco Fichtner In-Reply-To: Date: Tue, 21 Nov 2017 07:36:29 +0100 Cc: freebsd-security Content-Transfer-Encoding: 7bit Message-Id: <5ACFF7B8-460E-473F-ADA0-D9200587FC55@lastsummer.de> References: To: User X-Mailer: Apple Mail (2.3273) X-Virus-Scanned: clamav-milter 0.99.2 at host64.shmhost.net X-Virus-Status: Clean X-Spam-Flag: NO X-Spam-Score: -1.0 X-Spam-Status: No score=-1.0 tagged_above=10.0 required=10.0 tests=[ALL_TRUSTED] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2017 06:36:32 -0000 > On 21. Nov 2017, at 7:31 AM, User wrote: > > The updates install fine here even if the eol warning is showing. The uname > only updates if the kernel updates for patch levels. I find that hard to believe unless there is a caching issue with the EoL date, the return clearly uses "1" which means fail in the fetch phase. Ah, but then again this is more likely a side effect of using: # freebsd-update fetch install In any case, fetch should now fail if it fetched updates... Cheers, Franco From owner-freebsd-security@freebsd.org Tue Nov 21 23:31:12 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F0679DBACF7 for ; Tue, 21 Nov 2017 23:31:12 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from echo.brtsvcs.net (echo.brtsvcs.net [208.111.40.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DFE433D55 for ; Tue, 21 Nov 2017 23:31:12 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from chombo.houseloki.net (c-73-240-250-185.hsd1.or.comcast.net [73.240.250.185]) by echo.brtsvcs.net (Postfix) with ESMTPS id A2E6F38D05 for ; Tue, 21 Nov 2017 15:31:06 -0800 (PST) Received: from [IPv6:fe80::7102:4df8:1f13:5c55] (unknown [IPv6:fe80::7102:4df8:1f13:5c55]) by chombo.houseloki.net (Postfix) with ESMTPSA id 308EBBC8 for ; Tue, 21 Nov 2017 15:31:05 -0800 (PST) To: freebsd-security@freebsd.org From: Mel Pilgrim Subject: Why no update of base/ports openssl for recent CVEs? Message-ID: <9a41694c-fffb-e58c-5946-abbc99160fb4@bluerosetech.com> Date: Tue, 21 Nov 2017 15:31:06 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2017 23:31:13 -0000 OpenSSL 1.0.2 before 1.0.2m (ports and 11.x base) are affected by CVE-2017-3735 and CVE-2017-3736, the most recent reported on 2 November. Why hasn't an SA and update for base been released, or security/openssl been updated? From owner-freebsd-security@freebsd.org Wed Nov 22 01:11:15 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8DEC8DC0128 for ; Wed, 22 Nov 2017 01:11:15 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2A9A66591F for ; Wed, 22 Nov 2017 01:11:15 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: by mail-oi0-x230.google.com with SMTP id r190so9890038oie.6 for ; Tue, 21 Nov 2017 17:11:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=3jWoCINxRuwt6ZOXDh+eiwIoAR7BjTYj/m0HENCYdJA=; b=M+Q1u3UVhu5jDzIh7xwxiqpLDfVHyn0/yfAiZu1qLvmIYHj+QVl6UkUhD5lVEYMnNo 8Sb4JaE5yAGgrTnb4xB0IqdEh3TUadX0526lXB3YtBRU004TTCh+soETcfXP+gOIaZM8 6upmakvWK+vWQwdUsJhDEhivHAXM1zxGjDCgOEYdm+kUWYYM3LmWgzeSah+rl5tAdrvj PLj+bEyGVyijJcCBg0zyHuilBQfcvJZ1bbtzTi9hzBC/yFt9N60qP6pxRDUa0FDpaSfm LoG9rrXNmpo9hNsX13rW9UxiaYit9QQlPfWs5xO1m/iXbVBZruFz83WlGb2ilNEjcHN2 cXdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=3jWoCINxRuwt6ZOXDh+eiwIoAR7BjTYj/m0HENCYdJA=; b=Bk8FEIPsMG4DIMd1C+1Gm7wf0xVviid55DSPLKIIocl7FimdhTJQkgTidJwuHZ4Ysu s9Zysop30YKWz8jkOdvoEvqmW2i7zUpqB1XdwxKTUb3DirDs+WjKIEcjJQOTgA7FFpEs cWqHe0JT9pqbGNoBkmxgvOerpaF6sisDQA6rETPZJuM3TLZAhCtQKQLxCHU37Jn3BCTP 3BBZcxTJojTTDm9gkBq5fhAbliM1t3FNcatIxQgHl+NTlWomQvujgkXvfPTWf1LhC9V8 l5pqEU/WmymN/RD7WWDVwvcOxOynsdf9V9BRYXYtHDDaVx3aNsG4t3wDFAOYa5d/swvP 4AxQ== X-Gm-Message-State: AJaThX4wtGHLX7C8wX7lpf8UHirIRhAB4xzsbdU+kgPyW8nXkLFIyy+W zDsTOJszDA5YHtZ+mwm3Yr0sDqHzeD4sS94xo0AKEyNe X-Google-Smtp-Source: AGs4zMZ0u4G2CPK6ZaypVxzfnY3cFxGgIqMSe7LRyktRjntORu8QporEgat49IUc365MmrjpTjYb9cLNjCGh0gBO8to= X-Received: by 10.202.114.22 with SMTP id p22mr11672892oic.327.1511313073771; Tue, 21 Nov 2017 17:11:13 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.47.33 with HTTP; Tue, 21 Nov 2017 17:11:13 -0800 (PST) In-Reply-To: <9a41694c-fffb-e58c-5946-abbc99160fb4@bluerosetech.com> References: <9a41694c-fffb-e58c-5946-abbc99160fb4@bluerosetech.com> From: Robert Simmons Date: Tue, 21 Nov 2017 20:11:13 -0500 Message-ID: Subject: Re: Why no update of base/ports openssl for recent CVEs? To: freebsd-security@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Nov 2017 01:11:15 -0000 I don't have an answer for base, but I think if you just update your ports tree, you will see the update to 1.0.2m was committed on Nov 2nd (2 weeks and 5 days ago): https://svnweb.freebsd.org/ports?view=revision&revision=453380 On Tue, Nov 21, 2017 at 6:31 PM, Mel Pilgrim wrote: > OpenSSL 1.0.2 before 1.0.2m (ports and 11.x base) are affected by > CVE-2017-3735 and CVE-2017-3736, the most recent reported on 2 November. > > Why hasn't an SA and update for base been released, or security/openssl > been updated? > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > From owner-freebsd-security@freebsd.org Wed Nov 22 03:50:27 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EA014DDDF6B for ; Wed, 22 Nov 2017 03:50:27 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from echo.brtsvcs.net (echo.brtsvcs.net [208.111.40.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D7A586A43C for ; Wed, 22 Nov 2017 03:50:27 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from chombo.houseloki.net (c-73-240-250-185.hsd1.or.comcast.net [73.240.250.185]) by echo.brtsvcs.net (Postfix) with ESMTPS id 1E2BC38F89; Tue, 21 Nov 2017 19:50:27 -0800 (PST) Received: from [IPv6:fe80::4055:e8ed:3d40:2f96] (unknown [IPv6:fe80::4055:e8ed:3d40:2f96]) by chombo.houseloki.net (Postfix) with ESMTPSA id 34588BE0; Tue, 21 Nov 2017 19:50:25 -0800 (PST) Subject: Re: Why no update of base/ports openssl for recent CVEs? To: Robert Simmons , freebsd-security@freebsd.org References: <9a41694c-fffb-e58c-5946-abbc99160fb4@bluerosetech.com> From: Mel Pilgrim Message-ID: <9ebd9468-7c26-de75-79ea-5a8829399d51@bluerosetech.com> Date: Tue, 21 Nov 2017 19:50:11 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Nov 2017 03:50:28 -0000 On 2017-11-21 17:11, Robert Simmons wrote: > I don't have an answer for base, but I think if you just update your ports > tree, you will see the update to 1.0.2m was committed on Nov 2nd (2 weeks > and 5 days ago): > https://svnweb.freebsd.org/ports?view=revision&revision=453380 That explains ports: it was never merged to quarterly. Submitted ports/223797 to ask for MFH to 2017Q4.