From owner-freebsd-stable@freebsd.org Wed May 15 07:24:26 2019
Message-ID: <83b0faf45215018532d82894acd72060@swift.generated>
Date: Wed, 15 May 2019 07:23:15 +0000
Subject: (#2572022) Ticket closed by support
From: MarMac
To: freebsd-stable@freebsd.org
Cc: errata-notices@freebsd.org
Authentication-Results: mx1.freebsd.org; spf=softfail (mx1.freebsd.org: 37.48.83.136 is neither permitted nor denied by domain of support@marmac.nl) smtp.mailfrom=support@marmac.nl
List-Id: Production branch of FreeBSD source code

-#-#- Please reply above this line -#-#-

Dear freebsd-stable@freebsd.org,

Your ticket has been closed by a support staff member. If you believe the problem has not been fully resolved, you can reply to this e-mail.

Your ticket has been marked as resolved by a member of our staff. If you do not believe that this issue has been adequately resolved, you may still reply to this ticket and an operator will respond shortly.

You can review the ticket by going to: https://support.marmac.nl/nl/tickets/view/2572022?token=bbc117f8dea7bbe09d749a28bcddea263cefce3b

---------------------------------------------------------------

freebsd-stable@freebsd.org
User - 15/05/2019 02:45

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-19:10.scp                                            Errata Notice
                                                          The FreeBSD Project

Topic:          Insufficient filename validation in scp(1) client

Category:       contrib
Module:         scp
Announced:      2019-05-14
Affects:        All supported versions of FreeBSD.
Corrected:      2019-05-07 19:48:39 UTC (stable/12, 12.0-STABLE)
                2019-05-14 22:54:17 UTC (releng/12.0, 12.0-RELEASE-p10)
CVE Name:       CVE-2019-6111

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

scp(1) is a file transfer protocol running over an SSH session.

II.  Problem Description

The scp(1) client implementation fails to verify if the objects returned by
the server match what was requested.

III. Impact

A malicious scp server can write arbitrary files to the client.

IV.  Workaround

Switch to using the sftp(1) client, if possible.

V.   Solution

Note: While stable/11 and its release branches are currently affected by this
errata, due to the lack of patches, no fix is currently available for
stable/11. We are currently evaluating a backport for these fixes to
stable/11.

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 12.0]
# fetch https://security.FreeBSD.org/patches/EN-19:10/scp.patch
# fetch https://security.FreeBSD.org/patches/EN-19:10/scp.patch.asc
# gpg --verify scp.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/12/                                                        r347232
releng/12.0/                                                      r347586
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"

---------------------------------------------------------------

Ticket Details
Ticket #: 2572022
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-19:10.scp
Department: Support | Marmac
Status: Closed
Priority: Low

Kind Regards,
MarMac
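
Added example, not part of the original message and not the FreeBSD or OpenSSH patch: the kind of check the Problem Description says the scp(1) client lacked, comparing each filename received from the server with what was requested. The function name name_is_expected() and the sample names are assumptions made up for illustration, and the code assumes every received name is a single path component.

```c
/* Added illustration (not the FreeBSD/OpenSSH patch): check that a filename
 * offered by an scp server matches what the client requested. */
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* name_is_expected() is a hypothetical helper name.
 * requested: remote path the user asked for; its last component may be a glob.
 * received:  filename the server sent for one file.
 * Returns 1 if the file may be written under that name, 0 otherwise. */
int name_is_expected(const char *requested, const char *received)
{
    const char *pattern;

    if (requested == NULL || received == NULL || received[0] == '\0')
        return 0;
    /* Assumption: a received name is a single path component, so anything
     * with a separator, or "." / "..", is refused outright. */
    if (strchr(received, '/') != NULL)
        return 0;
    if (strcmp(received, ".") == 0 || strcmp(received, "..") == 0)
        return 0;

    /* Only the last component of the request names the file(s). */
    pattern = strrchr(requested, '/');
    pattern = (pattern != NULL) ? pattern + 1 : requested;
    if (pattern[0] == '\0')
        return 0; /* request ended in '/': no file pattern to compare with */

    /* FNM_PERIOD: a wildcard never matches a leading dot, so a request for
     * "*" cannot be answered with a dotfile such as ".hidden". */
    return fnmatch(pattern, received, FNM_PERIOD) == 0;
}

int main(void)
{
    /* Constructed sample exchanges: { requested, name sent by server }. */
    const char *cases[][2] = {
        { "docs/report.txt", "report.txt" },
        { "docs/report.txt", "unrelated.cfg" },
        { "docs/*.txt",      "notes.txt" },
        { "*",               ".hidden" },
    };
    size_t i;
    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-16s <- %-14s %s\n", cases[i][0], cases[i][1],
               name_is_expected(cases[i][0], cases[i][1]) ? "accept" : "reject");
    return 0;
}
```

A client applying a check of this kind refuses any file whose name the user did not ask for, instead of writing whatever the server sends.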