Date: Wed, 15 May 2019 07:23:15 +0000
From: MarMac <support@marmac.nl>
To: freebsd-stable@freebsd.org
Cc: errata-notices@freebsd.org
Subject: (#2572022) Ticket closed by support
Message-ID: <83b0faf45215018532d82894acd72060@swift.generated>

-#-#- Please reply above this line -#-#-

Dear freebsd-stable@freebsd.org,

Your ticket has been closed by a support staff member. If you believe that the problem has not been fully resolved, you can reply to this e-mail.

Your ticket has been marked as resolved by a member of our staff. If you do not believe that this issue has been adequately resolved, you may still reply to this ticket and an operator will respond shortly.

You can review the ticket by going to: https://support.marmac.nl/nl/tickets/view/2572022?token=bbc117f8dea7bbe09d749a28bcddea263cefce3b

---------------------------------------------------------------

freebsd-stable@freebsd.org User - 15/05/2019 02:45

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-19:10.scp                                            Errata Notice
                                                          The FreeBSD Project

Topic:          Insufficient filename validation in scp(1) client

Category:       contrib
Module:         scp
Announced:      2019-05-14
Affects:        All supported versions of FreeBSD.
Corrected:      2019-05-07 19:48:39 UTC (stable/12, 12.0-STABLE)
                2019-05-14 22:54:17 UTC (releng/12.0, 12.0-RELEASE-p10)
CVE Name:       CVE-2019-6111

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

scp(1) is a file transfer protocol running over an SSH session.

II.  Problem Description

The scp(1) client implementation fails to verify if the objects returned by the server match what was requested.

III. Impact

A malicious scp server can write arbitrary files to the client.

IV.  Workaround

Switch to using the sftp(1) client, if possible.

V.   Solution

Note: While stable/11 and its release branches are currently affected by this errata, due to the lack of patches, no fix is currently available for stable/11. We are currently evaluating a backport for these fixes to stable/11.

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 12.0]
# fetch https://security.FreeBSD.org/patches/EN-19:10/scp.patch
# fetch https://security.FreeBSD.org/patches/EN-19:10/scp.patch.asc
# gpg --verify scp.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI.  Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/12/                                                        r347232
releng/12.0/                                                      r347586
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111>

The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:10.scp.asc>

_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"

---------------------------------------------------------------

Ticket Details

Ticket #: 2572022
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-19:10.scp
Department: Support | Marmac
Status: Closed
Priority: Low

You can review the ticket by going to: https://support.marmac.nl/nl/tickets/view/2572022?token=bbc117f8dea7bbe09d749a28bcddea263cefce3b

Kind Regards,
MarMac
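The kind of check the Problem Description says the client lacks, as an added example that is not part of the message above and is not the OpenSSH or FreeBSD patch: each name announced by the remote end is compared with the last component of the requested path before anything is created locally. The names `check_server_name` and `name_verdict`, the sample file names and the leading-dot policy are assumptions made for illustration.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; this is not OpenSSH code. */
enum name_verdict { NAME_OK, NAME_EMPTY, NAME_HAS_SLASH, NAME_DOT, NAME_MISMATCH };

/* Last component of the requested path: for "dir/name" return "name". */
static const char *last_component(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/*
 * Check one file name announced by the remote end against the requested
 * path. Covers a non-recursive copy into a directory, where every name
 * must be a plain entry of that directory and match what was asked for.
 */
enum name_verdict check_server_name(const char *requested, const char *offered)
{
    if (offered == NULL || *offered == '\0')
        return NAME_EMPTY;
    if (strchr(offered, '/') != NULL)       /* must stay in the target directory */
        return NAME_HAS_SLASH;
    if (strcmp(offered, ".") == 0 || strcmp(offered, "..") == 0)
        return NAME_DOT;
    const char *pattern = last_component(requested);
    /* FNM_PERIOD: a leading dot must be requested explicitly (assumed policy). */
    if (*pattern == '\0' || fnmatch(pattern, offered, FNM_PERIOD) != 0)
        return NAME_MISMATCH;
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample names offered in reply to the request passed below. */
    const char *offered[] = { "notes.txt", "unrequested.cfg", "../notes.txt", ".hidden.txt" };
    for (size_t i = 0; i < sizeof offered / sizeof offered[0]; i++)
        printf("%-16s -> %d\n", offered[i], check_server_name("docs/*.txt", offered[i]));
    return 0;
}
```

A recursive copy would need the same test applied to top-level entries only, with separate handling for names inside the directories the server descends into.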