From: Cy Schubert
To: mike tancsa
cc: "freebsd-security@freebsd.org"
Subject: Re: libarchive issue ?
Date: Tue, 12 Nov 2019 15:39:04 -0800
Message-Id: <201911122339.xACNd4mP091059@slippy.cwsent.com>
In-reply-to: <7a8b39d8-fd86-4d89-8893-4cf3bf34d447@sentex.net>

In message <7a8b39d8-fd86-4d89-8893-4cf3bf34d447@sentex.net>, mike tancsa writes:
> Hi,
>
>     I was thinking with the 2 intel CPU SAs, there would be an SA for
> libarchive issue ?
>
> https://nvd.nist.gov/vuln/detail/CVE-2019-18408
>
> Or is FreeBSD not vulnerable to this particular issue ? I think as fix was
>
> __FBSDID("$FreeBSD:
> stable/12/contrib/libarchive/libarchive/archive_read_support_filter_lz4.c
> 353375 2019-10-09 22:18:01Z mm $");
>
> but just wanted to make sure

Parsing the commit log messages, we're beyond 3.4.0. Looks like we're ok.

-- 
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.