From owner-freebsd-security@freebsd.org  Wed Oct 26 23:18:50 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C91E5C23444
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Wed, 26 Oct 2016 23:18:50 +0000 (UTC)
 (envelope-from mark.picone@deakin.edu.au)
Received: from APC01-SG2-obe.outbound.protection.outlook.com
 (mail-sg2apc01on0137.outbound.protection.outlook.com [104.47.125.137])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client CN "mail.protection.outlook.com",
 Issuer "Microsoft IT SSL SHA2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id A7124236
 for <freebsd-security@freebsd.org>; Wed, 26 Oct 2016 23:18:47 +0000 (UTC)
 (envelope-from mark.picone@deakin.edu.au)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=deakin.edu.au;
 s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=2qEovcCX0vKHxUB9dcNsACr8keUujR+uNp7E1JiF4x8=;
 b=WGDJG5G4qr/760Rzu0QtOqGfhtsyFSenWMSAHNQqG+byYQgJhGgRvJ0otNJdCgDdgSF5GdYavvmncKbKaGxTDvMcsBVqddIUxS1KxuzTAZHujAIy2QhnARYbbKnGh+yivb/gOzfIzgp2c7wPedzx424ov5g46t+qHr06vBD7IXk=
Received: from PS1PR06CA0040.apcprd06.prod.outlook.com (10.169.59.178) by
 HK2PR06MB0404.apcprd06.prod.outlook.com (10.160.178.20) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.679.12; Wed, 26 Oct 2016 04:49:27 +0000
Received: from SY3AUS01FT008.eop-AUS01.prod.protection.outlook.com
 (2a01:111:f400:7eb5::203) by PS1PR06CA0040.outlook.office365.com
 (2a01:111:e400:7829::50) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.679.12 via
 Frontend Transport; Wed, 26 Oct 2016 04:49:25 +0000
Authentication-Results: spf=pass (sender IP is 128.184.35.186)
 smtp.mailfrom=deakin.edu.au; freebsd.org; dkim=none (message not signed)
 header.d=none;freebsd.org; dmarc=pass action=none header.from=deakin.edu.au;
Received-SPF: Pass (protection.outlook.com: domain of deakin.edu.au designates
 128.184.35.186 as permitted sender)
 receiver=protection.outlook.com; 
 client-ip=128.184.35.186; helo=exch15-hybrid-b.du.deakin.edu.au;
Received: from exch15-hybrid-b.du.deakin.edu.au (128.184.35.186) by
 SY3AUS01FT008.mail.protection.outlook.com (10.152.234.83) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.679.5 via Frontend Transport; Wed, 26 Oct 2016 04:49:25 +0000
Received: from exch15-f-1.du.deakin.edu.au (10.68.72.129) by
 exch15-hybrid-b.du.deakin.edu.au (128.184.35.186) with Microsoft SMTP Server
 (TLS) id 15.0.1178.4; Wed, 26 Oct 2016 15:49:22 +1100
Received: from exch15-f-1.du.deakin.edu.au (10.68.72.129) by
 exch15-f-1.du.deakin.edu.au (10.68.72.129) with Microsoft SMTP Server (TLS)
 id 15.0.1178.4; Wed, 26 Oct 2016 15:49:21 +1100
Received: from exch15-f-1.du.deakin.edu.au ([10.68.72.129]) by
 exch15-f-1.du.deakin.edu.au ([10.68.72.129]) with mapi id 15.00.1178.000;
 Wed, 26 Oct 2016 15:49:21 +1100
From: Mark Picone <mark.picone@deakin.edu.au>
To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: RE: FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]
Thread-Topic: FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]
Thread-Index: AQHSLua2NBCLkp5ICk2fMcmreO4tt6C5bGmAgAC7QBA=
Date: Wed, 26 Oct 2016 04:49:20 +0000
Message-ID: <9c684248eee34983aa5f890225ef65b6@exch15-f-1.du.deakin.edu.au>
References: <20161025173641.BCDFD1911@freefall.freebsd.org>
 <20161026042748.GG60006@garage.freebsd.pl>
In-Reply-To: <20161026042748.GG60006@garage.freebsd.pl>
Accept-Language: en-AU, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.68.0.215]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:128.184.35.186; IPV:NLI; CTRY:AU; EFV:NLI;
 SFV:NSPM;
 SFS:(10019020)(6009001)(7916002)(2980300002)(438002)(377454003)(377424004)(13464003)(189002)(24454002)(199003)(54524002)(5660300001)(42882006)(54356999)(47776003)(2351001)(626004)(97756001)(74482002)(102836003)(106116001)(92566002)(15650500001)(76176999)(106466001)(8746002)(2906002)(5640700001)(10710500007)(8676002)(2420400007)(16601075003)(50986999)(8936002)(10400500002)(3846002)(305945005)(6116002)(23726003)(189998001)(5890100001)(11100500001)(19580405001)(7846002)(7636002)(88552002)(7736002)(4001150100001)(2501003)(107886002)(19580395003)(33646002)(356003)(77096005)(15975445007)(86362001)(7696004)(108616004)(46406003)(230783001)(586003)(24736003)(110136003)(2900100001)(450100001)(2950100002)(6916009)(50466002)(87936001)(575784001)(246002);
 DIR:OUT; SFP:1102; SCL:1; SRVR:HK2PR06MB0404;
 H:exch15-hybrid-b.du.deakin.edu.au; FPR:; SPF:Pass;
 PTR:exch15-hybrid-b.its.deakin.edu.au; MX:1; A:1; LANG:en; 
X-Microsoft-Exchange-Diagnostics: 1; SY3AUS01FT008;
 1:uv048OOsMtQMtxeUJHgAY4yLd/NhpGOVmRn+mu98O5gvx2o103E/OfBnXK1CpJHKBAr1TNWSWwqlri14UPY8ttHyPDZCi5p1GeRvGVcUN5DdvaBNSWaspRztWt0RMjVpZx7uFGLAinLKOYuKI8RDvidpau/hzTofqbRvrITBdrqHIA2PyHgz3IczvSPIIRI2U5ZRxyHdmoLyBULQI3EDm009Ymxoq3JM6GP/JoA5Q2uSrxz1ZRuau2qorNB80IW+Y2QI/u1pqoPjlOHHKhng/Cyb+a+Az4zKSryR7XWETttUd68v8/6nILRm7VrQE80Z2RXTJCqrBw3okRg5dtGL6V5IGAEgUE3S3W98sV0ueoHf1j1yc7MMsW4XSP6kES3x7k9ghOpftiU2SOKj441ndg+zqnwav9uXRPxIcubJuDmVALLE6fz6BkWLNjHt4yfb4MFRDu4Qlkv+yNqi019xqujigt/ybjEcVU3htlaSeUCfFX9yW9YKLsXfCvfIs9WW
X-MS-Office365-Filtering-Correlation-Id: 7a856f0a-ab2e-435a-3a35-08d3fd5b7610
X-Microsoft-Exchange-Diagnostics: 1; HK2PR06MB0404;
 2:9tVUb8zc761yAcakUeLNAU/jvisrt5lcEoaqFMjEnxPnrBdz3Y5GBQ/xDguL3d3XCGkXCdoOKIhoqKvF7BSCtwEGx8dZF0nGvdvkwTjFAydENggG9xtYGVPLmai6lEVLo8U6ZQHSktv2UDPpXndrxqUvbueNtqoo9ZdKbERhPERK65j1YL7j3K/y2yzIy2oEBgQbNRjrDAk3WWZEd9INaQ==;
 3:xq00/UHO4yTbCi9eqOiLjp6K7Lb1t1FxZCwpr6odA/ZDG6TOBJ3y7zZHs/3S0p2MrwY7acnmM26zJdAbDA5ID7DtkXJocYq0568FasQSxlztVSZny5beU2dQJUduOhPev+B0WJozmaLppc3DBv4gOmCcddX+iLobrEVDqxFTQCC6eA1mOaczvkZiC4tvlGCSo68ky9hly3YxzOzewLQKK2at/1FgvfNWL1UBFmBlG3i5lw+OsZkEKj49wg7osTZPVW+mFLKXnb3qBDDzH705Gl9R7KyReMOfCdmxq9HRcco=;
 25:nBODew1yYxDLkMtUBchamAytLfYWUHICHgdse3hwFtTSvQsGtVNaTpz4JP27FoHKdK2uPVve2ViAY0pZJ1UZcPmVZy5yx7RdbCmwBQTFyMu0K7qReZbpdB/zq9iqAt7aFSfyEnU/MFYe7pPhmK5zrmzlodCTV9Np+aruhkk9EgTfifX/5k0ceu699IMMYA7+9KAyf1H1IH+b/nWsgf/E+D+9u/bTkARmltfCb0dRe4nr2v+bB1ysZP0fMmNAk/zF4qZjGuUQE7jiIVt0BAi/7z8cUsTT+N1Qd2r2WakaEOWELFG6xKCCW2gZoD2fdmOFZcoYuOBlIam9eW7i2vmHBsBvwJPsr2hsVhfUECCqBmkiLWr5g2/OqX+K5n4evCIxKF0b0gfXfTMA4R4DrrjD+BPy6Lwf52zBC/FDryB
 MThHzwutAl9dEL6Z2S4ydbS03
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(8251501002);
 SRVR:HK2PR06MB0404; 
X-Microsoft-Exchange-Diagnostics: 1; HK2PR06MB0404;
 31:K0nu0G48VFH4hhw8bI5alWn5OyqYcoK6PLyEJel/PE3ebQFHLUeXeWqx3DdmMAn9DtODfmwG/84429HhWGz+qzmXuw7xBAl1/+cfhARpQvZyo9Y2ojNVGFNJEvPDjcHx7Il46/X2PrFg2qIeRAeMA5gzey13we6ySxxfs+mFGcxo00UWRMazvCzWEa9Gxp94qx6JmcPrBvmGBNQnQO6/1C2W2R8pDsPy4HDwzwvWYjLa2qb4XL78g5r6g8ElbCan;
 20:tabQMkmKi+hlIyJNGLVO/dq+JcSC5pk5UF00qJzdMxfsXVXIocnrgM6mSGPExh7RzwC84j6fBSUN6WPa4ehFlrEigsDsUzyOntRBqj1OdHflo/T/0bDRFtDF5PD3CRdfR/TAsIek3DY1Ia9YFPubZa2gGre2yO7uNg6FBD0/lKAXFndX/tvj/jFXer+JTOYRFE+qSfzZJ3bCi0V0LXpz3bN5MDhcYWc8BeemYzhiwTqNQ3FlMVPbNsS6vWNITU4yx+UNOn9jcE/AI+3avgTEUSYkP4mcbzvsHbIPCK5T6o5R9Gkul21PH0yLHXgUTeMBBsIDWjoaohnFj0Cur7IB7Go5l9gaPKFR6npQ0+Cd3nS74LlIMWQLbHBHdqumDM5JaeacBpi2RD+Wa+CcQLyrajx4bs9YtSJ+ePSE00naBl5kExL6OU5zE/rY7WuoVGqvZRokT2JjCjG81VL4CCEAx0JHbUcpHiReyhChHkY56frpvdbS5hPbGABbBs7cwvaV
X-DknRule-Disclaimer: Triggered
X-Microsoft-Antispam-PRVS: <HK2PR06MB0404AA668B08C3E96937754CB3AB0@HK2PR06MB0404.apcprd06.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(56005881305849)(76373721406558)(192374486261705)(75325880899374); 
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
 RULEID:(6040176)(601004)(2401047)(5005006)(13018025)(13016025)(8121501046)(10201501046)(3002001);
 SRVR:HK2PR06MB0404; BCL:0; PCL:0; RULEID:; SRVR:HK2PR06MB0404; 
X-Microsoft-Exchange-Diagnostics: 1; HK2PR06MB0404;
 4:oIoasNCumpd2PS41qO5fvGqVLWhtn3Qx00QmueQZNl9XXiro40mIoxF6Z1u0pJicMVNvYqtR2QFoXQyfeh0j+TDZ3KEyUBjA/gswniKOlBXsqQoBm/TaVorn1KNRJsWt+lcCpvMQPWyBc0I5qWU1CmsXA8/AGWv/7TRhUqz/tG4UrtA6xvXv2j4N4PbPkye8cG0UvW8O6ZRDc4pj5v3j26zdUloRR+hqY2CJt0mNcwgmTBXTLOZZBdDG6DN5PnQVPt3f+2Sz7iU3YQ/ZcOUyjRFXCd6l3YwRUBkpF3OM6OCo2w2SMDLNYMN5nN7qWJcdFgFlMVe3EC5jCT8X4gZvNdwBR1HbrNwf2BY+7AoKEJXBSycO8H/8cZGNMltPzFmQ0iyjFbodmy+wPzwoejPk8CCuuq4Zv5/q4J2nOKPrTeF/wsu5HkKs6z954A25GkPqBOFPUEP5oG+Ik/ZhtX7dYR89doujrbK4FTztuIj5fznu3hrtuXfZhz+oEMnhPkJdoFyYHkf3s0kfkFLnRdf/WQ2r1EnRNbZchHCnBSgQ8FAt91EVDb+nlNVuoSTdcZqzXcr8xKPjopasSXRP+h4Dhg==
X-Forefront-PRVS: 0107098B6C
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; HK2PR06MB0404;
 23:8DKuhJ+UA15gS04IqiofrqyGObMrq/XC5GmWTEqyq?=
 =?us-ascii?Q?jHlI56srtYH2AnYo3xIi6hsY0oVqIG63lRcuP00roiKdx+lQcOgwYTwlFjG/?=
 =?us-ascii?Q?0HRvGyKN7bLLckfhtMpMECA8T+PWhexk8rkw8Xwr1zytV48qThWcjthgAaBh?=
 =?us-ascii?Q?5r3rQN8yDHSiogWnR9u4e5a515qT8Yf57siezrDeKls2cfYNn7DCX77tfpkO?=
 =?us-ascii?Q?rW6DdXulGcbWeZvlNubuwCqfF7C/5mpEcHNZesCkFAr5WUxaSZkxVvP4UJoa?=
 =?us-ascii?Q?c/DAIwa2vP8dxLLPT9z0WKSmWscwuIu3n0zFhyNf1MD+3D2ktMb+TdX2mexs?=
 =?us-ascii?Q?jYaiN4Jk+OoZhcKp5AK/APnyjDW1k7Qw9FEoMHclkXzxXDl4HYKH+vcYZ1IB?=
 =?us-ascii?Q?0BbwNZbxbwcUMwlu4EJl0pfyCMaiOdWdNJzZ2b3TtTnVMhMF5UYuoi6IRT/G?=
 =?us-ascii?Q?FeAyB+FonUAewOXmXD1Zr96cHn9V/F33km/wg2XdWxkp/ya+vUzsDC2N8DvO?=
 =?us-ascii?Q?2iL72GyewwR66oa8txpte1e+LpYzOuQMAba87kI+qTHnnm3PABw8E2DxJ0/7?=
 =?us-ascii?Q?WrXL/0WABfxHAixgYEQMjjM/McV3WCOFw2hcGFpUpOxl4Oegw0otroiDQGgO?=
 =?us-ascii?Q?RkzVkFj2Qp7JC15ZX12En2N2Dsm3kW58gnpbpuOsp7wUr2QWuRTL99keJv/G?=
 =?us-ascii?Q?pDcxOixSy7Ux9AsDjnm26rh/BDzSSjtprNJd18uwS+myKoqb1Mu/idovuZ4E?=
 =?us-ascii?Q?UbD0tGoJzG/RgI9WjJQlqxv3miVfipQLWT4f5KeDrjndRe6M/e8LqP2p17FY?=
 =?us-ascii?Q?vFS883wOoiH7Gam/QJadYuPr7fXvpNf1kfcdRBouMfNNE632OVWZvCTnjAoa?=
 =?us-ascii?Q?KU4ibIQBHxuvseuzy1yVpsXIZAjY8BdIrwA57jGT7XT8qtkISvlBTd61fr+r?=
 =?us-ascii?Q?F7qNf5kJuEqmIDwD5MduKYiSNSaDb6iYw4M0NDeTYNFmT267dL/g7YIdByUj?=
 =?us-ascii?Q?2159Lxy2e7RWh1n/lvIJrUyVJuwA3UTrp9H0Fho5PYchO65VSdeK2czXOvPf?=
 =?us-ascii?Q?RT3Uv4CJjwXJrER36Ag79dI50ptI0D6uBIx5BCXnNQGHQy383wS5ZqROHJRc?=
 =?us-ascii?Q?qzHzZUepkakMU7/nbcsISH3ZtaxIpAjySriOqsWdIsGy/f2p4dVe6kMkgTQ8?=
 =?us-ascii?Q?/iwIGhyg0GYAmm/pEaJlzQH1zODhkiCFtzCoOAGOMQ/VTpCqVaDslHCS31RQ?=
 =?us-ascii?Q?YF82Pi06pcmLAaQ4jKLhFfBLK+cC4265/XnK2/le+1kNuFTZLE6+mzfAO0Sq?=
 =?us-ascii?Q?21g+8vGvj15sL8u7kJSHExg8U7Cl7ysNcGie6Yny7JKeWXqSY25ILAdOw7Hv?=
 =?us-ascii?Q?vgOr6wKwgEanz1U/S/MAlW0gyETkXfKWhcst2VL8gGNgAGeZdL0tWsYbzlE0?=
 =?us-ascii?Q?RHUGQELEuA8VJUfwAVUVanqdoClG9UQyEWmG83QlhEj1ta7RciS7ChLlY3OF?=
 =?us-ascii?Q?CoLNIdzbHVm6U+9yMVfOBDkOSwriFm1/fGGB3+DewG3T+aCA54urBgRU2cYG?=
 =?us-ascii?Q?OQy6r/dF8CXnv2GgsmHJhQ3wSDoNnyEu0qw5gXUzQpL1wBPDtvQM5lBNLxXf?=
 =?us-ascii?Q?BhPAuLmenqWIXdnvudSlGWKCeeSkzaB4Xt+BVkBAEUtX0u9PDoOu6oiKq2s4?=
 =?us-ascii?Q?NP4DMdWxXUMgncM5zw1zfPa+3+u6BBmDCjkm6klf6DpnRFJueFMjCOqtcGhB?=
 =?us-ascii?Q?ch5yPGi?=
X-Microsoft-Exchange-Diagnostics: 1; HK2PR06MB0404;
 6:FTfkwD9F/tdtU7u174KfUK9h37HcCBzBvUuczQyGcNFm3ksh8yoQbtvZ3mhfFvV610SHVtQ5utTfa5eRQie+bixGMjlwNnEAVUS/kIaeN92YGL/Nw6I4hqn7AObhGF5RO6WVoX1TTDE5t8uzQ8J/MMIeZaPlfUEnUB01v/HNPMCwrtBEkE1FIgkFbDG2pbuJKpzMfL6CZDl2ZlX4GHoYT/gMxt8WdQCKaAN4CFhibI9A0HHiMnptB/H1k3pR9g9ulhHkF5AB24ybOB2X7nhKXA2YZo7OttAgXAZkjvYQnXBW8fKtcu99LTQdDDoUDz4b;
 5:1AgU1t3CH9IOmrpV7aY3KGqzKvxc0Pnoma6USGwTa+7+LTJ3I4HNSE3Ndi3J4khTtoABr4HvHId08Sf6NN2gp0ShUzzLVD2Y94tDRCF9187sKWEwVWTFlixafxlE6er0kTWmkLgGwylJBNiiRgF0zBap3cvuIegz/QqST+nV08w=;
 24:5l0A0TRL75g6/lNJnwyoZeau7laq2LCaLwYUBRstFwdI1251+8GYTC/d0GyLHjZ3N9LTrvkU3Uhj3RwXHat8Qms/z1j693OnuaWkH0rbjL0=;
 7:ORTNDtbE9NxnZ1+hjNUWb3OkFH1tYul8LiFUbvffxYa1fOd4fMiXN3ApT+LqMYQ+H0b2uHmx/PLwyY4TGTTeYpaRPSim6LlKPmrYZBhdsgrgfd0gHfLPEu0SxBZ2B/dAc3Vsj49A1a9epvsBfYwyiEE3sFJQQM5vl9Arwkg/eAJTWoSoxyGIWxVVraEE8oLi+6SVO92MwpaE5fjSuAVIOj9io+9osLnWYL5AUN2bMbmVMT2/sczLj7UGVk91NZRbhKLtUav27+IB0057dAo2p8tCA/T1I7GqxrLfEZGWX1j3IaZjaiOHLvz69XQWzwwSyr/yp7Uls5yWBhji
 d9urq6f8rWu6siJAJismiGMMB1E=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Oct 2016 04:49:25.2591 (UTC)
X-MS-Exchange-CrossTenant-Id: d02378ec-1688-46d5-8540-1c28b5f470f6
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d02378ec-1688-46d5-8540-1c28b5f470f6; Ip=[128.184.35.186];
 Helo=[exch15-hybrid-b.du.deakin.edu.au]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2PR06MB0404
X-Microsoft-Exchange-Diagnostics: 1; HK2PR06MB0404;
 23:M2LPEnL1Q1tC+LGUgIBQ3fdAxBzye21CbWn74ehZNVBtD7Yr10ZmHrTehN55tqj/aVCr7KR7ERTRMDnUq1jprsDkpzhJZ4/rKbec/Sz/JnaeFohro5/EUJMHDfUhIDfSDVqjk4NiMHSLji7UXnOcve4pwOxUKP078FmfUmd3BeUQiLHI4C3jPCPP1wGFY/IA
X-OriginatorOrg: deakin.edu.au
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 23:18:50 -0000

Since the security team have had the procedure of publishing security advis=
ories for vulnerabilities once a fix available: https://www.freebsd.org/doc=
/handbook/security-advisories.html

-----Original Message-----
From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@fre=
ebsd.org] On Behalf Of Pawel Jakub Dawidek
Sent: Wednesday, 26 October 2016 3:28 PM
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]

Hi guys,

since when do we publish security advisories for local DoSes?

On Tue, Oct 25, 2016 at 05:36:41PM +0000, FreeBSD Security Advisories wrote=
:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> FreeBSD-SA-16:15.sysarch [REVISED]                          Security Advi=
sory
>                                                           The FreeBSD
> Project
>
> Topic:          Incorrect argument validation in sysarch(2)
>
> Category:       core
> Module:         kernel
> Announced:      2016-10-25
> Credits:        Core Security, ahaha from Chaitin Tech
> Affects:        All supported versions of FreeBSD.
> Corrected:      2016-10-25 17:14:50 UTC (stable/11, 11.0-STABLE)
>                 2016-10-25 17:11:20 UTC (releng/11.0, 11.0-RELEASE-p2)
>                 2016-10-25 17:16:08 UTC (stable/10, 10.3-STABLE)
>                 2016-10-25 17:11:15 UTC (releng/10.3, 10.3-RELEASE-p11)
>                 2016-10-25 17:11:11 UTC (releng/10.2, 10.2-RELEASE-p24)
>                 2016-10-25 17:11:07 UTC (releng/10.1, 10.1-RELEASE-p41)
>                 2016-10-25 17:16:58 UTC (stable/9, 9.3-STABLE)
>                 2016-10-25 17:11:02 UTC (releng/9.3, 9.3-RELEASE-p49)
> CVE Name:       CVE-2016-1885
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:https://security.FreeBSD.org/>.
>
> 0.   Revision history
>
> v1.0  2016-03-16 Initial release.
> v1.1  2016-10-25 Revised patch to address a problem pointed out by
>                  ahaha from Chaitin Tech.
>
> I.   Background
>
> The IA-32 architecture allows programs to define segments, which
> provides based and size-limited view into the program address space.
> The memory-resident processor structure, called Local Descriptor
> Table, usually abbreviated LDT, contains definitions of the segments.
> Since incorrect or malicious segments would breach system integrity,
> operating systems do not provide processes direct access to the LDT,
> instead they provide system calls which allow controlled installation
> and removal of segments.
>
> II.  Problem Description
>
> A special combination of sysarch(2) arguments, specify a request to
> uninstall a set of descriptors from the LDT.  The start descriptor is
> cleared and the number of descriptors are provided.  Due to lack of
> sufficient bounds checking during argument validity verification,
> unbound zero'ing of the process LDT and adjacent memory can be
> initiated from usermode.
>
> III. Impact
>
> This vulnerability could cause the kernel to panic. In addition it is
> possible to perform a local Denial of Service against the system by
> unprivileged processes.
>
> IV.  Workaround
>
> No workaround is available, but only the amd64 architecture is affected.
>
> V.   Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date.
>
> Reboot is required.
>
> 2) To update your vulnerable system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD platforms can be updated
> via the freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
>
> Reboot is required.
>
> 3) To update your vulnerable system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> [*** v1.1 NOTE ***] If your sources are not yet patched using the
> initially published advisory patches, then you need to apply both
> sysarch.patch and sysarch-01.patch.  If your sources are already
> updated, or patched with patches from the initial advisory, then you
> need to apply sysarch-01.patch only.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [ FreeBSD system not patched with original SA-16:15 patch] # fetch
> https://security.FreeBSD.org/patches/SA-16:15/sysarch.patch
> # fetch
> https://security.FreeBSD.org/patches/SA-16:15/sysarch.patch.asc
> # gpg --verify sysarch.patch.asc
>
> [ FreeBSD system that has been patched with original SA-16:15 patch] #
> fetch https://security.FreeBSD.org/patches/SA-16:15/sysarch-01.patch
> # fetch
> https://security.FreeBSD.org/patches/SA-16:15/sysarch-01.patch.asc
> # gpg --verify sysarch-01.patch.asc
>
> b) Apply the patch(es).  Execute the following commands as root for
> every patch file downloaded:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot
> the system.
>
> VI.  Correction details
>
> The following list contains the correction revision numbers for each
> affected branch.
>
> Branch/path                                                      Revision
> - -----------------------------------------------------------------------=
--
> stable/9/                                                         r307941
> releng/9.3/                                                       r307931
> stable/10/                                                        r307940
> releng/10.1/                                                      r307932
> releng/10.2/                                                      r307933
> releng/10.3/                                                      r307934
> stable/11/                                                        r307938
> releng/11.0/                                                      r307935
> -
> ----------------------------------------------------------------------
> ---
>
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
>
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
>
> Or visit the following URL, replacing NNNNNN with the revision number:
>
> <URL:https://svnweb.freebsd.org/base?view=3Drevision&revision=3DNNNNNN>
>
> VII. References
>
> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2016-1885>
>
> The latest revision of this advisory is available at
> <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.
> asc>
> -----BEGIN PGP SIGNATURE-----
>
> iQIcBAEBCgAGBQJYD5VZAAoJEO1n7NZdz2rnYT4QAMmnfUBnxiNHfzaEDMe2oU+H
> WIVFzFtU5FTAm3wJ3JORU1euqhusDoB7D8nova30alM2bHHd86epBGgym1Q+hxR2
> qTI+d8QimvQUWelz7DWPh0h3ZNlVfDxY8vKlr5SS0W/HOMjbG/O6U1AIw5p7cPaa
> LkDpqo2IN8xBL6tJFUKNEQS/GzuU2HtfKhQK0/ojT4DW61AkOZn4SZzzYBz3iO4p
> a8Otv4+aHzyNjTZRm/33SrFzdG0RZWyT/WXsEHlv5NiXVMPML+oY918jppqClkoO
> pwjcneWTqgYrE4vvVOADKOlWyNa4jFmPQSW7MmNEaF4RMd8TMcE/cBTKOi41YuOp
> la1JzvtWUnou7oQqy/xKr0S/Wa2x6ZhR4vBg28fkfrQhn55N+qqDicQ3F907dOm5
> A0ERHKgImlWSGM+Sf2CJyrUJUNUye0bVQMhrM4e3psZ7Jr20IXjnhppr1mufCjTH
> H+aEHv43o/1HuoltnjstiBZ/CZpFdIXkBpsHtzteZR2y+pmZFA9bB4uZeeML0mj3
> /cxj8rgPRmcjk6nSsnLWhq2YEFAZBC/lv43wqSrXE9+BBpSh6zM5NCTPb50/dBqf
> V553uuGEvJlHmOAoveXxYyxKcGpgZAcgJjWpAkCpoVxgdrbtLcPY5Z+8cy8fMO3G
> YHOkZydbLPaXOXimZfut
> =3DNWuL
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security-notifications@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security-notificati
> ons To unsubscribe, send any mail to
> "freebsd-security-notifications-unsubscribe@freebsd.org"

--
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://mobter.com

Important Notice: The contents of this email are intended solely for the na=
med addressee and are confidential; any unauthorised use, reproduction or s=
torage of the contents is expressly prohibited. If you have received this e=
mail in error, please delete it and any attachments immediately and advise =
the sender by return email or telephone.

Deakin University does not warrant that this email and any attachments are =
error or virus free.