From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Subject: FreeBSD Errata Notice FreeBSD-EN-23:05.tzdata
Reply-To: freebsd-stable@freebsd.org
Date: Wed, 21 Jun 2023 06:20:46 +0000 (UTC)

=============================================================================
FreeBSD-EN-23:05.tzdata                                         Errata Notice
                                                          The FreeBSD Project

Topic:          Timezone database information update

Category:       contrib
Module:         zoneinfo
Announced:      2023-06-21
Affects:        FreeBSD 13.1, 12.4
Corrected:      2023-03-29 01:19:25 UTC (stable/13, 13.2-STABLE)
                2023-06-21 05:03:18 UTC (releng/13.1, 13.1-RELEASE-p8)
                2023-03-29 01:20:06 UTC (stable/12, 12.4-STABLE)
                2023-06-21 05:43:27 UTC (releng/12.4, 12.4-RELEASE-p3)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The IANA Time Zone Database (often called tz or zoneinfo) contains code and
data that represent the history of local time for many representative
locations around the globe. It is updated periodically to reflect changes
made by political bodies to time zone boundaries, UTC offsets, and
daylight-saving rules.

FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo.
The tzsetup(8) utility allows the user to specify the default local time
zone. Based on the selected time zone, tzsetup(8) copies one of the files
from /usr/share/zoneinfo to /etc/localtime. A time zone may also be selected
for an individual process by setting its TZ environment variable to a desired
time zone name.

II.  Problem Description

Several changes to future and past timestamps have been recorded in the IANA
Time Zone Database after previous FreeBSD releases were released. This
affects many users in different parts of the world. Because of these changes,
the data in the zoneinfo files need to be updated. If the local timezone on
the running system is affected, tzsetup(8) needs to be run to update
/etc/localtime.

III. Impact

An incorrect time will be displayed on a system configured to use one of the
affected time zones if the /usr/share/zoneinfo and /etc/localtime files are
not updated, and all applications on the system that rely on the system time,
such as cron(8) and syslog(8), will be affected.

IV.  Workaround

The system administrator can install an updated version of the IANA Time Zone
Database from the misc/zoneinfo port and run tzsetup(8).

Applications that store and display times in Coordinated Universal Time (UTC)
are not affected.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Please note that some third party software, for instance PHP, Ruby, Java,
Perl and Python, may be using different zoneinfo data sources, in such cases
this software must be updated separately. Software packages that are
installed via binary packages can be upgraded by executing 'pkg upgrade'.

Following the instructions in this Errata Notice will only update the IANA
Time Zone Database installed in /usr/share/zoneinfo.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Restart all the affected applications and daemons, or reboot the system.

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:05/tzdata-2023c.patch
# fetch https://security.FreeBSD.org/patches/EN-23:05/tzdata-2023c.patch.asc
# gpg --verify tzdata-2023c.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all the affected applications and daemons, or reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              bb7b15831531    stable/13-n254928
releng/13.1/                            0e577c42f61c  releng/13.1-n250183
stable/12/                                                        r373009
releng/12.4/                                                      r373101
-------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Subject: FreeBSD Errata Notice FreeBSD-EN-23:06.loader
Reply-To: freebsd-stable@freebsd.org
Date: Wed, 21 Jun 2023 06:20:53 +0000 (UTC)

=============================================================================
FreeBSD-EN-23:06.loader                                         Errata Notice
                                                          The FreeBSD Project

Topic:          x86 kernel console configuration

Category:       core
Module:         loader
Announced:      2023-06-21
Affects:        FreeBSD 13.x
Corrected:      2023-04-26 17:30:19 UTC (stable/13, 13.2-STABLE)
                2023-06-21 05:05:15 UTC (releng/13.2, 13.2-RELEASE-p1)
                2023-06-21 05:05:51 UTC (releng/13.1, 13.1-RELEASE-p8)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The x86 loader's "comconsole" driver drives an ns16550-like uart for the
loader output, and it also generates a console specification for the kernel
to use.

II.  Problem Description

comconsole will unconditionally clear the hw.uart.console environment
variable, whether the system is configured to use comconsole or not.

III. Impact

Systems with uart hardware that the kernel supports but loader doesn't cannot
be configured to use this uart for console output if comconsole clears the
hw.uart.console variable even when it's not in use.

IV.  Workaround

No workaround is available, but non-x86 machines and x86 machines using UEFI
to boot are not affected.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date. A reboot will be required
to get console output.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# reboot

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:06/loader.patch
# fetch https://security.FreeBSD.org/patches/EN-23:06/loader.patch.asc
# gpg --verify loader.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Reboot the system to use the new /boot/loader.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              362677cae8e9    stable/13-n255172
releng/13.2/                            525ac1948af8  releng/13.2-n254618
releng/13.1/                            5d2bbb9db2d2  releng/13.1-n250184
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at

From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Subject: FreeBSD Errata Notice FreeBSD-EN-23:07.mpr
Reply-To: freebsd-stable@freebsd.org
Date: Wed, 21 Jun 2023 06:20:57 +0000 (UTC)

=============================================================================
FreeBSD-EN-23:07.mpr                                            Errata Notice
                                                          The FreeBSD Project

Topic:          mpr(4) may fail to initialize devices

Category:       core
Module:         mpr
Announced:      2023-06-21
Affects:        All supported versions of FreeBSD.
Corrected:      2023-05-02 12:21:35 UTC (stable/13, 13.2-STABLE)
                2023-06-21 05:06:39 UTC (releng/13.2, 13.2-RELEASE-p1)
                2023-06-21 05:07:50 UTC (releng/13.1, 13.1-RELEASE-p8)
                2023-05-02 12:21:26 UTC (stable/12, 12.4-STABLE)
                2023-06-21 05:43:37 UTC (releng/12.4, 12.4-RELEASE-p3)

I.   Background

mpr(4) is a driver for Broadcom SAS controllers.

II.  Problem Description

The mpr(4) driver did not correctly initialize command data sent to the
controller when attaching.

III. Impact

mpr(4) would fail to initialize the controller in some cases, making the
attached storage devices inaccessible.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an erratum update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:07/mpr.patch
# fetch https://security.FreeBSD.org/patches/EN-23:07/mpr.patch.asc
# gpg --verify mpr.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              e7a3a08febd0    stable/13-n255252
releng/13.2/                            e63d8b8fa6d9  releng/13.2-n254619
releng/13.1/                            bc61a15ededc  releng/13.1-n250185
stable/12/                                                        r373058
releng/12.4/                                                      r373102
-------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

b=Csn7m+RsCBysEXu6BSNMMlICOqxPhKWblMh0YtkfgCaio2J5wMhZI/VI74UVXIXWuDnNyJ Os2+T5q6bA3UBZNDiTAjMJpTbsgsBlxMfRijptr0YILHeRy9HUfKP6rcX0A2MMlh9Q4y+E vLkPpkIe0OIF9ZDBStsXvOwqtp2kSxdWp0ZtV58RT1KaVneW+C7M90BWKYO3tuCZ6UFtWj gqBb1nbjpQvcSczbdmrHicLZDZfw1tIVF2PRAB0vOLxvOqnuqzpNw+01NEiCvZJCXkE/ZK Wkve/7bsQdMCrHy9Ju2INZtKHfEQZ94FOYH7U1zeEGtyFjnVy7wvSgr5JXoVlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687328531; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=1uaIyn1QCyqBytQlvv2FAhcvVk2hFacet16Z6NqMGso=; b=hmw/Y+2YJrTm2nRv1hymvy5we2hPqZo2d0ze3uYMQaA7eqHjBFEdr5TqP5IH1xlbf45knV tkG6fzpcpU+3ZiI5xs12Jjgw175fJYhCHrXXTdwz0zvOLw7sC51gCTt8fH74opBmyH+5AV rA2oWp9Uw1e58Xnwb+k+QomPiXRVdeiLN2nhTfkBVZcc/UEjVI7QEQFKPPJrlk6tmEotdR Sq6oapahE7YvU3MPSVSQTpHBCojw5i0AyWyK65WA4TyLbUMWdo77vxYoQVn62H3UveAB8M k6PKbarrUdmCfL5DG+mKuIQ3k6joZ6ixzZ9a3NcshfMb58+lhF1fULDF8mQPYg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1687328531; a=rsa-sha256; cv=none; b=AoZ6gnlSWTvVL0yqXBAG5qhEd/q03kqL4KSGzaI7/K1S5ABwmzsrzyZp4JVzCC3Izi/+CT fFKT/GUAHW4ZPScklIWsRc9L9I66Ta8MXEQ7ae8CjWiX37pxBKJvWbmv6GcFqLUJN9I49o 1KT6aOhqi/dwnnSULqhKwFIemoeOzJEstGpmGv9coQvlD0RRpxWP/ByoJLf0UO2Hm6+shq jTGhIp8ZpIhmDQ/JHb30ieUjxCy6ynzUhinqrryRnOB6WjeCPgz1ZS6GQ8FiiFU+wXWyMz Ajg6+FSI+ZlnIUQVFBF66cuuZBIgk3DKr0ZskbMCzvFfcXAjurk8vnFk3i1Sqw== Received: by freefall.freebsd.org (Postfix, from userid 945) id A5868EF29; Wed, 21 Jun 2023 06:22:11 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-23:04.pam_krb5 Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20230621062211.A5868EF29@freefall.freebsd.org> Date: Wed, 21 Jun 2023 06:22:11 +0000 (UTC) X-ThisMailContainsUnwantedMimeParts: N List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: 
List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:04.pam_krb5 Security Advisory The FreeBSD Project Topic: Network authentication attack via pam_krb5 Category: core Module: pam_krb5 Announced: 2023-06-21 Credits: Taylor R Campbell Affects: All supported versions of FreeBSD Corrected: 2023-06-21 05:25:18 UTC (stable/13, 13.2-STABLE) 2023-06-21 05:27:12 UTC (releng/13.2, 13.2-RELEASE-p1) 2023-06-21 05:27:22 UTC (releng/13.1, 13.1-RELEASE-p8) 2023-06-21 05:27:27 UTC (stable/12, 12.4-STABLE) 2023-06-21 05:43:39 UTC (releng/12.4, 12.4-RELEASE-p3) CVE Name: CVE-2023-3326 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Kerberos 5 (krb5) is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The PAM (Pluggable Authentication Modules) library provides a flexible framework for user authentication and session setup / teardown. pam_krb5 is a PAM module that allows using a Kerberos password to authenticate the user. pam_krb5 is disabled in the default FreeBSD installation. pam_krb5 uses passwords for authentication, which is distinct from Kerberos native protocols like GSSAPI, which allows for login without the exchange of passwords. GSSAPI is not affected by this issue. II. Problem Description pam_krb5 authenticates the user by essentially running kinit(1) with the password, getting a `ticket-granting ticket' (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. 
Normally, the system running the pam_krb5 module will also have a keytab, a key provisioned by the KDC. The pam_krb5 module will use the tgt to get a service ticket and validate it against the keytab, ensuring the tgt is valid and therefore, the password is valid. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. III. Impact In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system. IV. Workaround If you are not using Kerberos at all, ensure /etc/krb5.conf is missing from your system. Additionally, ensure pam_krb5 is commented out of your PAM configuration located as documented in pam.conf(5), generally /etc/pam.d. Note, the default FreeBSD PAM configuration has pam_krb5 commented out. If you are using Kerberos, but not using pam_krb5, ensure pam_krb5 is commented out of your PAM configuration located as documented in pam.conf(5), generally /etc/pam.d. Note, the default FreeBSD PAM configuration has pam_krb5 commented out. If you are using pam_krb5, ensure you have a keytab on your system as provided by your Kerberos administrator. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 
Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-23:04/pam_krb5.patch # fetch https://security.FreeBSD.org/patches/SA-23:04/pam_krb5.patch.asc # gpg --verify pam_krb5.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all daemons that use the PAM module, or reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ 6322a6c9daaa stable/13-n255613 releng/13.2/ 58d21e3e8e56 releng/13.2-n254620 releng/13.1/ 07e3f54f2ea1 releng/13.1-n250186 stable/12/ r373100 releng/12.4/ r373103 - ------------------------------------------------------------------------- For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD For FreeBSD 12 and earlier: Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number: 
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

From nobody Wed Jun 21 06:22:18 2023
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-23:05.openssh
Reply-To: freebsd-security@freebsd.org
Message-Id: <20230621062218.1FE0FECFC@freefall.freebsd.org>
Date: Wed, 21 Jun 2023 06:22:18 +0000 (UTC)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-23:05.openssh                                    Security Advisory
                                                          The FreeBSD Project

Topic:          ssh-add does not honor per-hop destination constraints

Category:       contrib
Module:         openssh
Announced:      2023-06-21
Credits:        Luci Stanescu
Affects:        FreeBSD 12.4
Corrected:      2023-06-05 16:04:15 UTC (stable/12, 12.4-STABLE)
                2023-06-21 05:43:42 UTC (releng/12.4, 12.4-RELEASE-p3)
CVE Name:       CVE-2023-28531

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services,
including remote shell access.

II.  Problem Description

When using ssh-add(1) to add smartcard keys to ssh-agent(1) with per-hop
destination constraints, a logic error prevented the constraints from
being sent to the agent resulting in keys being added to the agent
without constraints.

III. Impact

A malicious server could leverage the keys provided by a forwarded agent
that would normally not be allowed due to the logic error.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-23:05/openssh.patch
# fetch https://security.FreeBSD.org/patches/SA-23:05/openssh.patch.asc
# gpg --verify openssh.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/12/                                                        r373093
releng/12.4/                                                      r373104
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
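
Added example, not part of the advisory and not FreeBSD project code: a shell helper that classifies a version string, in the form printed by `freebsd-version -u`, against the "Affects:" and "Corrected:" fields of FreeBSD-SA-23:05.openssh above. The function name `sa2305_status` and its result labels are assumptions made for illustration, and the sample version strings are constructed.

```sh
#!/bin/sh
# Added example (not FreeBSD project code): classify a version string
# against FreeBSD-SA-23:05.openssh.
# From the advisory: Affects FreeBSD 12.4; corrected in 12.4-RELEASE-p3.
# sa2305_status and its result labels are hypothetical names.

AFFECTED_RELEASE="12.4"   # "Affects:" field
FIXED_PATCHLEVEL=3        # "Corrected:" field, releng/12.4

sa2305_status() {
    ver=$1
    case $ver in
        "$AFFECTED_RELEASE"-RELEASE*)
            ;;  # patch level is parsed below
        "$AFFECTED_RELEASE"-*)
            # e.g. 12.4-STABLE: fixed or not depends on whether the build
            # is dated after the correction date, which the string omits.
            echo "check-build-date"; return 0 ;;
        *)
            # Release not named in the advisory's "Affects:" field.
            echo "not-listed"; return 0 ;;
    esac

    suffix=${ver#"$AFFECTED_RELEASE"-RELEASE}
    case $suffix in
        "")  level=0 ;;                 # plain -RELEASE means patch level 0
        -p*) level=${suffix#-p} ;;
        *)   echo "unparsed"; return 0 ;;
    esac
    case $level in
        ""|*[!0-9]*) echo "unparsed"; return 0 ;;
    esac

    if [ "$level" -lt "$FIXED_PATCHLEVEL" ]; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Constructed sample inputs. On a real host, pass "$(freebsd-version -u)":
# ssh-add(1) is part of userland, so the userland patch level is what counts.
for v in 12.4-RELEASE 12.4-RELEASE-p2 12.4-RELEASE-p3 12.4-STABLE 13.2-RELEASE-p1; do
    printf '%-18s %s\n' "$v" "$(sa2305_status "$v")"
done
```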