Date: Tue, 14 May 2019 23:48:53 +0000 (UTC)
From: Gordon Tetlow <gordon@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r53023 - in head/share: security/advisories security/patches/EN-19:08 security/patches/EN-19:09 security/patches/EN-19:10 security/patches/SA-19:03 security/patches/SA-19:04 security/pa...
Message-ID: <201905142348.x4ENmrj1075437@repo.freebsd.org>
Author: gordon (src committer)
Date: Tue May 14 23:48:52 2019
New Revision: 53023
URL: https://svnweb.freebsd.org/changeset/doc/53023

Log:
  Add SA-19:03 to SA-19:07 and EN-19:08 to EN-19:10.

  Approved by: so

Added:
  head/share/security/advisories/FreeBSD-EN-19:08.tzdata.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-19:09.xinstall.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-19:10.scp.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-19:03.wpa.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-19:04.ntp.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-19:05.pf.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-19:06.pf.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-19:07.mds.asc (contents, props changed)
  head/share/security/patches/EN-19:08/
  head/share/security/patches/EN-19:08/tzdata-2019a.patch (contents, props changed)
  head/share/security/patches/EN-19:08/tzdata-2019a.patch.asc (contents, props changed)
  head/share/security/patches/EN-19:09/
  head/share/security/patches/EN-19:09/xinstall.patch (contents, props changed)
  head/share/security/patches/EN-19:09/xinstall.patch.asc (contents, props changed)
  head/share/security/patches/EN-19:10/
  head/share/security/patches/EN-19:10/scp.patch (contents, props changed)
  head/share/security/patches/EN-19:10/scp.patch.asc (contents, props changed)
  head/share/security/patches/SA-19:03/
  head/share/security/patches/SA-19:03/wpa-11.patch (contents, props changed)
  head/share/security/patches/SA-19:03/wpa-11.patch.asc (contents, props changed)
  head/share/security/patches/SA-19:03/wpa-12.patch (contents, props changed)
  head/share/security/patches/SA-19:03/wpa-12.patch.asc (contents, props changed)
  head/share/security/patches/SA-19:04/
  head/share/security/patches/SA-19:04/ntp-11.2.patch (contents, props changed)
  head/share/security/patches/SA-19:04/ntp-11.2.patch.asc (contents, props changed)
  head/share/security/patches/SA-19:04/ntp.patch (contents, props changed)
  head/share/security/patches/SA-19:04/ntp.patch.asc (contents, props changed)
  head/share/security/patches/SA-19:05/
  head/share/security/patches/SA-19:05/pf.patch (contents, props changed)
  head/share/security/patches/SA-19:05/pf.patch.asc (contents, props changed)
  head/share/security/patches/SA-19:06/
  head/share/security/patches/SA-19:06/pf.patch (contents, props changed)
  head/share/security/patches/SA-19:06/pf.patch.asc (contents, props changed)
  head/share/security/patches/SA-19:07/
  head/share/security/patches/SA-19:07/mds.11-stable.patch (contents, props changed)
  head/share/security/patches/SA-19:07/mds.11-stable.patch.asc (contents, props changed)
  head/share/security/patches/SA-19:07/mds.11.2.patch (contents, props changed)
  head/share/security/patches/SA-19:07/mds.11.2.patch.asc (contents, props changed)
  head/share/security/patches/SA-19:07/mds.12-stable.patch (contents, props changed)
  head/share/security/patches/SA-19:07/mds.12-stable.patch.asc (contents, props changed)
  head/share/security/patches/SA-19:07/mds.12.0.patch (contents, props changed)
  head/share/security/patches/SA-19:07/mds.12.0.patch.asc (contents, props changed)
Modified:
  head/share/xml/advisories.xml
  head/share/xml/notices.xml

Added: head/share/security/advisories/FreeBSD-EN-19:08.tzdata.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-19:08.tzdata.asc Tue May 14 23:48:52 2019 (r53023) 
@@ -0,0 +1,146 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-19:08.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2019-01-09 +Affects: All supported versions of FreeBSD. +Corrected: 2019-03-29 01:39:20 UTC (stable/12, 12.0-STABLE) + 2019-05-14 22:48:36 UTC (releng/12.0, 12.0-RELEASE-p4) + 2019-01-01 01:40:44 UTC (stable/11, 11.3-PRERELEASE) + 2019-05-14 22:48:36 UTC (releng/11.2, 11.2-RELEASE-p10) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The tzsetup(8) program allows the user to specify the default local timezone. +Based on the selected timezone, tzsetup(8) copies one of the files from +/usr/share/zoneinfo to /etc/localtime. This file actually controls the +conversion. + +II. Problem Description + +Several changes in Daylight Savings Time happened after previous FreeBSD +releases were released that would affect many people who live in different +countries. Because of these changes, the data in the zoneinfo files need to +be updated, and if the local timezone on the running system is affected, +tzsetup(8) needs to be run so the /etc/localtime is updated. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected timezones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +IV. Workaround + +The system administrator can install an updated timezone database from the +misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected. 
+ +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +V. Solution + +Please note that some third party software, for instance PHP, Ruby, Java and +Perl, may be using different zoneinfo data source, in such cases this +software must be updated separately. For software packages that is installed +via binary packages, they can be upgraded by executing `pkg upgrade'. + +Following the instructions in this Errata Notice will update all of the +zoneinfo files to be the same as what was released with FreeBSD release. + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. Restart all the affected +applications and daemons, or reboot the system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-19:08/tzdata-2019a.patch +# fetch https://security.FreeBSD.org/patches/EN-19:08/tzdata-2019a.patch.asc +# gpg --verify tzdata-2019a.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. 
Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r345669 +releng/12.0/ r347584 +stable/11/ r345670 +releng/11.2/ r347584 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:08.tzdata.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTplfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cK4Dw//Y28mXrmzitCE3RclEPrP90hcRYOzknKv8xLYNo3SnCOfSnJCQqoeNw/X +HoAgX5Blm1sSYJ7GvK+AmKVn6FLoRGyd2tLzK5lofpbuExqrIZM6crHUx7HrblfO +4EfUJsIPr70y0+DeD4lBgZtpV5umOVFVWz8plgyeffGwTG3qNEES8RLI62uMrtpW +bkp+/l90eo2P9Wo34DqZSwW4V7JUwmFqooF4akZ0NBJnGpyz0iK+EZjluiRnsZxT +ueG5yqh5BpPPQ4UTxkTMoFrF2cKP18cDzQ2e1Z27JF+MpfW3Ki4zBLcmbFrVdHhR +1vlw1uIVKzusntEYX05oJUG8nkXckf6b7Wr6i1hD8tC7xgg4uBvTU4k/nLuGOHE/ +Oe6pAfLHvFS2ISk97FtImJd3UHR62+ZVX544dOxnY8N86tTU8p9vaO2AnfvTxzMR +5lyqIHgDd1RWH41aASin2fM3jeXUTubq5UsTiujaFUM5Cqoe8u5UrDAzFjxx8y2H +Uci9zi0IggRp7z8HbiXLtmoqqzwuUkXIk36j2CT7JLwH/QiP2w34Euh2wrWAeblG +tpITlvvMl9B1+zljUCxs1+8++Q/jLbhmsH1U+r7Qj6CKAg/9hCmNYZp5WAmwDHfY +V1JMNu6eaZpbCscJu9/QTsnvWiZZFBdHFubUueFsBNoKyQGVDkw= +=69LY +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-19:09.xinstall.asc 
============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-19:09.xinstall.asc Tue May 14 23:48:52 2019 (r53023) 
@@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-19:09.xinstall Errata Notice + The FreeBSD Project + +Topic: install(1) broken with partially matching relative paths + +Category: core +Module: xinstall +Announced: 2019-05-14 +Affects: All supported versions of FreeBSD +Corrected: 2019-02-16 04:48:30 UTC (stable/12, 12.0-STABLE) + 2019-05-14 22:51:49 UTC (releng/12.0, 12.0-RELEASE-p4) + 2019-02-16 04:49:10 UTC (stable/11, 11.3-PRERELEASE) + 2019-05-14 22:51:49 UTC (releng/11.2, 11.2-RELEASE-p10) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The install(1) utility installs files and links, optionally calculating +relative paths for an installed symbolic link. + +II. Problem Description + +Due to an issue in the way install(1) determines common components of the +source and target paths, the relative link may be incorrectly calculated and +drop a component of the link because a partial match existed on that +component. + +III. Impact + +The ports tree and other software very frequently use install(1) to create +relative symlinks without checking whether a partial match of the path +exists that would result in such a truncation. + +IV. Workaround + +No workaround is available, but using install(1) to install non-relative +links and files is unaffected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. 
+ +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-19:09/xinstall.patch +# fetch https://security.FreeBSD.org/patches/EN-19:09/xinstall.patch.asc +# gpg --verify xinstall.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r344205 +releng/12.0/ r347585 +stable/11/ r344206 +releng/11.2/ r347585 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235330> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:09.xinstall.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTqhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJV2RAAjFslsJRGQlL5piJPcAixaQO3gEgmaAp+q79whcsN3O8cqQpApU0BApTA +cT7cNnm3/sMteHFd6wCTLsssBnDsTWYxqccOeUIiCIgpXXkP67XYpLxxjBZqq5Tn +egFesjpZdu2yr+0gdRrpf54msed7ts8E0dDVoGIYeGhU7omIqlYWJGJfsZ4tg1La +Mod40JgxXcHMTca7Et46LBu/j/cF5MeQhzIepRrj1awiElQY/dMesmJwD9AuYL9m +cuS7yTH4eC6A/b7TdhUXBqBTbNipUCmwUuIWJ6OxpcrKPrtv/qGhUCEDdsNvMxpA +i8ciQY4YD06wdmZP+9Ugp/qXMXpLlxzwHrUYPe/Xn6/NvUgMp+KyMWgfkmtPBuIl +YKRTp5S4ZAs6U7RPSOMUWmQ2bWh0yZqEaQXAgzzNwIpqdghrZj73krr99pCeWc81 +1MWv6K9/ZMdm8i31Iur3Mz/4hkv5WQSObU9SdjigtvFGu5ldVEJzE5f3Zu9Vr5ja +keCB1HVYtU25ekngLYPdFiVf9B/HAWwHugOyeZNV2jPB6VVSeFkyeicm8zZ95G63 +Ww0BQbc830AFYlhb6DpciaP1Epokywr+wO4O+I3DRN3K6Zi47ODv7881milM8KQO +jWYn0kemMIgnz0R0ZluU/I5SU1cnXbWZuKvsw9efd++irqEHrBw= +=t05i +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-19:10.scp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-19:10.scp.asc Tue May 14 23:48:52 2019 (r53023) 
@@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-19:10.scp Errata Notice + The FreeBSD Project + +Topic: Insufficient filename validation in scp(1) client + +Category: contrib +Module: scp +Announced: 2019-05-14 +Affects: All supported versions of FreeBSD. +Corrected: 2019-05-07 19:48:39 UTC (stable/12, 12.0-STABLE) + 2019-05-14 22:54:17 UTC (releng/12.0, 12.0-RELEASE-p10) +CVE Name: CVE-2019-6111 + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +scp(1) is a file transfer protocol running over an SSH session. + +II. Problem Description + +The scp(1) client implementation fails to verify if the objects returned by +the server match what was requested. + +III. Impact + +A malicious scp server can write arbitrary files to the client. + +IV. Workaround + +Switch to using the sftp(1) client, if possible. + +V. Solution + +Note: While stable/11 and its release branches are currently affected by this +errata, due to the lack of patches, no fix is currently available for +stable/11. We are currently evaluating a backport for these fixes to +stable/11. + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. 
+ +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.0] +# fetch https://security.FreeBSD.org/patches/EN-19:10/scp.patch +# fetch https://security.FreeBSD.org/patches/EN-19:10/scp.patch.asc +# gpg --verify scp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r347232 +releng/12.0/ r347586 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:10.scp.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTq1fFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJXGQ/+Ii19QUq6MdSeNPPOHVTtW8G/FIlsaYYlCFooIvzxYxvcqDcCyabVlX/a +Lt815YY7+EbKcSbA0Gh/YFm9S05rwUg4Dnj8nIQwMVp9OEtziIdY6TVU0JhRoUpe ++YVG9e5eh8wK7FFJ/jIaZbAcr2MfMYV2KPouA1HZdqsMBkAkr8xuS3HrmkeE0nxo +6QHTWaaD7qvr8foUSHS1hJsAX3+1eIsdytGUTJIGeL6g7DWsLYYiX7v2k+eZuSe1 +dkt7/3J+RqpyJAv+LfGh3QnILC52fO7jOVlnOBt5H/HefX+xRdb8lwHfoBeyxIFc +N4v4Ecypewci6Hv4moTeZF+FtIETHj3EfPIe04eiikiGhrpGQ4cCveK6+kk49x4m +RR7TE+y7klGIfoSuxoooaJ1/UyFJ9T0eICmBUh1B5rcrnwbbhgpXVPpbbee7IFL2 +HYiEuDECPN45zek+bL0M5D0wHZc823e7p1Ioxl1NNzawdts7hWwIpNmFTlfWNczQ +KZ9y0bDFffK3nuUkMHORLagCM6ou/wAPunsnWXY3Xg3X61svYIvZThDIeeOi9SbF +d1ve8/H/t5yHRQBpqWk51FfO4RdPmQAo6Y9w9WzhnkETsNXeTruQq7D8SnOaWgXG +JUh9PAVQKcJRWPXVwDTPEsqRgaDVB0gpaPCt5IS2j2tyB8UuAd4= +=2h+W +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:03.wpa.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:03.wpa.asc Tue May 14 23:48:52 2019 (r53023) 
@@ -0,0 +1,154 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:03.wpa Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in hostapd and wpa_supplicant + +Category: contrib +Module: wpa +Announced: 2019-05-14 +Affects: All supported versions of FreeBSD. +Corrected: 2019-05-01 01:42:38 UTC (stable/12, 12.0-STABLE) + 2019-05-14 22:57:29 UTC (releng/12.0, 12.0-RELEASE-p4) + 2019-05-01 01:43:17 UTC (stable/11, 11.2-STABLE) + 2019-05-14 22:59:32 UTC (releng/11.2, 11.2-RELEASE-p10) +CVE Name: CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, + CVE-2019-9498, CVE-2019-9499, CVE-2019-11555 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +Wi-Fi Protected Access II (WPA2) is a security protocol developed by the +Wi-Fi Alliance to secure wireless computer networks. + +hostapd(8) and wpa_supplicant(8) are implementations of user space daemon for +access points and wireless client that implements the WPA2 protocol. + +II. Problem Description + +Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8) +implementations. For more details, please see the reference URLs in the +References section below. + +III. Impact + +Security of the wireless network may be compromised. For more details, +please see the reference URLS in the References section below. + +IV. Workaround + +No workaround is available, but systems not using hostapd(8) or +wpa_supplicant(8) are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Afterwards, restart hostapd(8) or wpa_supplicant(8). 
+ +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Afterwards, restart hostapd(8) or wpa_supplicant(8). + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.0] +# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch +# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc +# gpg --verify wpa-12.patch.asc + +[FreeBSD 11.2] +# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch +# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc +# gpg --verify wpa-11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r346980 +releng/12.0/ r347587 +stable/11/ r346981 +releng/11.2/ r347588 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://w1.fi/security/2019-1> +<URL:https://w1.fi/security/2019-2> +<URL:https://w1.fi/security/2019-3> +<URL:https://w1.fi/security/2019-4> +<URL:https://w1.fi/security/2019-5> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTrVfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLsaA/9EB577JYdYdwFCOQ6TiOVhyluLJzgrhG3aiXeBntj8ytkRjcXKnP0aega +3G2R1do7pixVYUF52OWJwaNO3Hm+LHMngiOqujcLI+49ISI3T/APaU/D2dqmXVb8 +nN/Pd+0HDGj3R3MwyyHT8/3fX0pJ395vcQhYb61M6PUSrwr8uiBbILT57iCadZoL +F4KOCvRv7I4EFWXvqngGfeohZbbeHPBga2DwuebWR/E/1uWrMKEOF2pvh4b6ZSN2 
+pdr7ZHMiL1cZt+p+2gwWoqDWyD93u2lTC7Gmo3Vom+meH7eaQ79obXEN541aiQ04 +CYhjkwuW5uNGUWCO/Xsfn5gqICeB1G5A/aBHQlAyVgUGia8jukL1jn3ga4AQgKrN +h9aTmvrQs17PjMVtq81ZS0xm0ztW0Y6t2A9fRgGcnOOw+uy5tHMbJaKSMy8x97NT +gUyXtoyu47tjjMrzsQcma2t6/+iCEDuW1P1LybSmv/v59gro9uveCdl0busgM9GS +M5bpWK/qYQS1HYmYeTKMRynmD8ntRbflYoUP/SpijHsz+56rgyeJO12WyltyT32f +j5fgnKaznW/UPtgmK0wnPIG9XEj3Nzs4C4cypO5t8OiuLEli4wRdb6MYlvEjq4la +R3lnCzmTd9sg+K6cod2qWWSYdsdEwizcpQDp7M9lRqomiANLqJ4= +=MXma +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:04.ntp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:04.ntp.asc Tue May 14 23:48:52 2019 (r53023) 
@@ -0,0 +1,146 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:04.ntp Security Advisory + The FreeBSD Project + +Topic: Authenticated denial of service in ntpd + +Category: contrib +Module: ntp +Announced: 2019-05-14 +Credits: Magnus Stubman +Affects: All supported versions of FreeBSD +Corrected: 2019-03-07 13:45:36 UTC (stable/12, 12.0-STABLE) + 2019-05-14 23:02:56 UTC (releng/12.0, 12.0-RELEASE-p4) + 2019-03-07 13:45:36 UTC (stable/11, 11.3-PRERELEASE) + 2019-05-14 23:06:26 UTC (releng/11.2, 11.2-RELEASE-p10) +CVE Name: CVE-2019-8936 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol +(NTP) used to synchronize the time of a computer system to a reference +time source. The ntpd(8) daemon uses a protocol called mode 6 to both get +status information from the running ntpd(8) daemon and configure it on the +fly. This protocol is typically used by the ntpq(8) program, among others. + +II. Problem Description + +A crafted malicious authenticated mode 6 packet from a permitted network +address can trigger a NULL pointer dereference. + +Note for this attack to work, the sending system must be on an address from +which the target ntpd(8) accepts mode 6 packets, and must use a private key +that is specifically listed as being used for mode 6 authorization. + +III. Impact + +The ntpd daemon can crash due to the NULL pointer dereference, causing a +denial of service. + +IV. Workaround + +Use 'restrict noquery' in the ntpd configuration to limit addresses that +can send mode 6 queries. + +V. 
Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Afterwards, restart the ntpd service: +# service ntpd restart + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.0] +# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp.patch +# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp.patch.asc +# gpg --verify ntp.patch.asc + +[FreeBSD 11.2-RELEASE/11.3-PRERELEASE] +# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp-11.2.patch +# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp-11.2.patch.asc +# gpg --verify ntp-11.2.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the ntpd service, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r344884 +releng/12.0/ r347589 +stable/11/ r344884 +releng/11.2/ r347590 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:http://support.ntp.org/bin/view/Main/SecurityNotice#March_2019_ntp_4_2_8p13_NTP_Rele> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTrdfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLGtw/8CNAYnLxARrMUK1QeC9sE7EaboYInSOgaunfK2Uw5tJk9b4GwWWjCSE0C +hSWg4a9xv3pks2ppfEJzRuy0eoYmiU0MYblnAnCwCmE2d3WYlExO7hZJa1iK3uPO +WvHre5q80kF8TJhS9rbph+6oyLaPun8f9PDIo4Oc2knTppNfrfzbB/HEuzP27KMp +gCXD/Nk/5tHbXjkIGamWCf9wgYuw/typYRV3W6sWDuPhug2sAvWk1TMo0cMJ4BHL +wL7Qh00rZ+nHWdk5GKFslga9gNjVPqD2DzRKCQO2bj4o+7ly2d+yk4jUpMKBq2r4 +eQcQQnk9xj60NQ5cHGprOv6xwulBYycugF57iouNAP241cvVf+XZd4b/GthJODgz +fhP0aquusmtkawida3ZWWIVCjkM5NmHQsY5VTQLvTudtemb3kdmRMy3dFDN7oyXZ +PqP6JJUqamxNHilxRVytNCZLiSuy1P2MnJamyLZIqcDiT6yvMVBqwuGdQrSTSKyu +g/sR+vUohuJrP2i3pCCEfGtH5Nfq6GpY6Swxec81wUoqReGVCGmSFSEaas21TFYf +ZzAEAhywveGegkhqvsGP9A1zrTs6ZTCRzun32MhSo4xH/YZaArMvRa6JiSWTA1fG +ctwXEwIBj0XNEWBsCPgVvaF9bglmQZ2Iqn4iOiHlRGT7KxgjT7w= +=o9t5 +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:05.pf.asc 
============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:05.pf.asc Tue May 14 23:48:52 2019 (r53023) 
@@ -0,0 +1,134 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:05.pf Security Advisory + The FreeBSD Project + +Topic: IPv6 fragment reassembly panic in pf(4) + +Category: contrib +Module: pf +Announced: 2019-05-14 +Credits: Synacktiv +Affects: All supported versions of FreeBSD +Corrected: 2019-03-01 18:12:05 UTC (stable/12, 12.0-STABLE) + 2019-05-14 23:10:21 UTC (releng/12.0, 12.0-RELEASE-p4) + 2019-03-01 18:12:07 UTC (stable/11, 11.3-PRERELEASE) + 2019-05-14 23:10:21 UTC (releng/11.2, 11.2-RELEASE-p10) +CVE Name: CVE-2019-5597 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +pf(4) is an Internet Protocol packet filter originally written for OpenBSD. +In addition to filtering packets, it also has packet normalization +capabilities. + +II. Problem Description + +A bug in the pf(4) IPv6 fragment reassembly logic incorrectly uses the last +extension header offset from the last received packet instead of from the +first packet. + +III. Impact + +Malicious IPv6 packets with different IPv6 extensions could cause a kernel +panic or potentially a filtering rule bypass. + +IV. Workaround + +Only systems leveraging the pf(4) firewall and include packet scrubbing using +the recommended 'scrub all in' or similar are affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. +Afterwards, reboot the system. 
+ +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Afterwards, reboot the system. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-19:05/pf.patch +# fetch https://security.FreeBSD.org/patches/SA-19:05/pf.patch.asc +# gpg --verify pf.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r344706 +releng/12.0/ r347591 +stable/11/ r344707 +releng/11.2/ r347591 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5597> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTsNfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cL1cxAAjYy90WBfuBkU/FddQWMJkXOn2YqABFxY/BfFpJEbGrnXXuxz9YJByK3b +6ikWq5HcxgL/9ek6QULwEOoNvms8tT4m4waJOLa3hZPoPlgD2ArgvdcEI00R/8T9 +Z+k1YlT0oLOY4XbVynPGNmiFNTAcsg7Ognp9yam3kmPZTMGYm6cKIBy1idrzCCmI +nj0SscyoL4Z09kSWe3UOitjh8cpxqGuvGosCb7YGPl6yTSalBUgP44Lyg7jS4nrZ +xjZxqhAfp7tk9peF4rov8apZIsrBF5GMaahnIGIwZzmRn/E1pND9qx1lB1Uh7rfR +nb8OmwbshJTWdnS1GXyLxRGJOd0zmh+YZ10ygZAQTM5sNaxfn6pWJFmr2S/mR+kN +RG/Bhj+lN7jh1eUNdwk/pAm0aZZ+J8GX4/QOrqPfGDko/s/S7YwJB/DKR/14uPY7 +Fwcgv4tvgoRstSKHdIe45d7/N0SgQCS/EfzVIO5XPQtkrk9/zalQubionijObr1Q +ARVl7H5M7m7kP8PJz/vRNvhar0c0xTk9ov2JDxKHKTd+7D78LQEAFvEGPIFREBsY +VBW8BqZbuVcsgrhr/YWFE3TEw4O0YbnY5g9wmVv+d/pdDngLuTsfbNEsAQewWcu/ +dYefeBMKBukyLUKtLYHjVAhUlL3hF3j/aBu498F6LRCzFcaoIOQ= +=0alQ +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:06.pf.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:06.pf.asc Tue May 14 23:48:52 2019 (r53023) 
@@ -0,0 +1,134 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:06.pf Security Advisory + The FreeBSD Project + +Topic: ICMP/ICMP6 packet filter bypass in pf + +Category: contrib +Module: pf +Announced: 2019-05-14 +Credits: Synacktiv +Affects: All supported versions of FreeBSD +Corrected: 2019-03-21 14:17:10 UTC (stable/12, 12.0-STABLE) + 2019-05-14 23:12:22 UTC (releng/12.0, 12.0-RELEASE-p4) + 2019-03-21 14:17:12 UTC (stable/11, 11.3-PRERELEASE) + 2019-05-14 23:12:22 UTC (releng/11.2, 11.2-RELEASE-p10) +CVE Name: CVE-2019-5598 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +pf(4) is an Internet Protocol packet filter originally written for OpenBSD. +In addition to filtering packets, it also has packet normalization +capabilities. + +II. Problem Description + +States in pf(4) let ICMP and ICMP6 packets pass if they have a packet in +their payload matching an existing condition. pf(4) does not check if the +outer ICMP or ICMP6 packet has the same destination IP as the source IP of +the inner protocol packet. + +III. Impact + +A maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules +and be passed to a host that would otherwise be unavailable. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. +Afterwards, reboot the system. 
+ +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Afterwards, reboot the system. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-19:06/pf.patch +# fetch https://security.FreeBSD.org/patches/SA-19:06/pf.patch.asc +# gpg --verify pf.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r345377 +releng/12.0/ r347593 +stable/11/ r345378 +releng/11.2/ r347593 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://www.synacktiv.com/posts/systems/icmp-reachable.html> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5598> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTsdfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIjXA/9FevC+Ygihzb0J9MN0znEM883dk5sPCSvMwiivsNRkDMXreYqPXU+Fkt0 +iV1OZ8tKwKAihm+iGJ5mzS5l40wWF1oDcqJrC0myICdvreraoJKZvTLhgGIBqKkE +b8yIuzPueWdnnudoAzTV38RhyaP2aOb44OMUNPQZsEB/6hHsNvp9m6yAua/F+x9+ +N9J38Y/C6udsNfhqDeuCI4G8yiN33XfFiRbF+31rt3s0rUm6KGNsJanJe8dNAEvE +DN4tA4+MORnQ7QTLgOobGuLFhWJ2urC6psH8duO72hcSTzSkTZpxrC3f6SW8RlZ+ +Pbr4LZ6FA3bZp/sCmWPOot94hotBDr03MZwrxURokeDHZU1nUBsw0rmTG4aypujl +JrGPOAp89TtqrR0zV8DhpGO/RWoBeMDf7ZGvIplOIEF5rijQWEyC5pnYlBKPfSdm +UTxcN9RoJCfz7O4KLAAqhHiuu6xc+CqlQH1dvyLbqGVv9LzUQlziTNsbQ4cGryuj +g1TztU0VfpvHDkAKBh0iHwkoUqDSut3K19rFAQ3zkM/EodqSTkE1OG77pmsjYaVq +AfcnN/se8lklq0lKi3BwNvVIWTjhMAwY63otVxvVD4wrJrgQH8NKgOeYuGBreXeW +Uv569bIhR0/vsyGJK/SMKxBiAGfzkE7LqDMJqdXLsompX97nOwI= +=m3as +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:07.mds.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:07.mds.asc Tue May 14 23:48:52 2019 (r53023) @@ -0,0 +1,198 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:07.mds Security Advisory + The FreeBSD Project + +Topic: Microarchitectural Data Sampling (MDS) + *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
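Review bot: In FreeBSD-SA-19:05.pf, section "IV. Workaround" does not give a workaround. Its only sentence ("Only systems leveraging the pf(4) firewall and include packet scrubbing using the recommended 'scrub all in' or similar are affected.") describes which systems are affected. Suggest stating explicitly whether a workaround exists, as SA-19:06 does with "No workaround is available.", and keeping the scope statement as a separate sentence with the grammar fixed: "Only systems that use the pf(4) firewall and include packet scrubbing ...".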
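Review bot: In FreeBSD-SA-19:06.pf, section "II. Problem Description" says ICMP and ICMP6 packets pass "if they have a packet in their payload matching an existing condition", although the sentence opens with "States in pf(4)". If the match is against an existing state, write "matching an existing state" so readers do not take "condition" to mean a filter rule. In "III. Impact", "a host that would otherwise be unavailable" would read more clearly as "unreachable". The Topic line also writes "pf" where SA-19:05 writes "pf(4)"; use one form in both advisories.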