From owner-svn-doc-head@freebsd.org Tue Nov 21 03:48:37 2017 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A404EDDCDE2; Tue, 21 Nov 2017 03:48:37 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7E0397C464; Tue, 21 Nov 2017 03:48:37 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id vAL3maCm035144; Tue, 21 Nov 2017 03:48:36 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id vAL3mahr035142; Tue, 21 Nov 2017 03:48:36 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201711210348.vAL3mahr035142@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 21 Nov 2017 03:48:36 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51209 - head/share/security/advisories X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: head/share/security/advisories X-SVN-Commit-Revision: 51209 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2017 03:48:37 -0000 Author: gordon (src,ports committer) Date: Tue Nov 21 03:48:36 2017 New Revision: 51209 URL: https://svnweb.freebsd.org/changeset/doc/51209 Log: Update SA-17:08 and SA-17:10 to properly give credit to Ilja van Sprundel. Modified: head/share/security/advisories/FreeBSD-SA-17:08.ptrace.asc head/share/security/advisories/FreeBSD-SA-17:10.kldstat.asc Modified: head/share/security/advisories/FreeBSD-SA-17:08.ptrace.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-17:08.ptrace.asc Tue Nov 21 02:25:11 2017 (r51208) +++ head/share/security/advisories/FreeBSD-SA-17:08.ptrace.asc Tue Nov 21 03:48:36 2017 (r51209) @@ -10,7 +10,8 @@ Topic: Kernel data leak via ptrace(PT_LWPINFO Category: core Module: ptrace Announced: 2017-11-15 -Credits: John Baldwin +Credits: Ilja van Sprundel + John Baldwin Affects: All supported versions of FreeBSD. Corrected: 2017-11-10 12:28:43 UTC (stable/11, 11.1-STABLE) 2017-11-15 22:39:41 UTC (releng/11.1, 11.1-RELEASE-p4) @@ -24,6 +25,13 @@ For general information regarding FreeBSD Security Adv including descriptions of the fields above, security branches, and the following sections, please visit . +0. Revision history + +v1.0 2017-11-15 Initial release. +v1.1 2017-11-20 Corrected credit. Ilja van Sprundel first reported this + issue to the project, but wasn't cited. The FreeBSD + Security Team apologizes to Ilja for this oversight. + I. Background The ptrace(2) syscall provides the facility for a debugger to control the @@ -122,19 +130,19 @@ The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxftfFIAAAAAALgAo +iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloToMpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P -audQ+hAA2+cjqNVUJ/Polwo9cu61QxKLEXO1DItlMIFWBxpFpXXlRSLbqH+RGmaO -6aR4Q1xcOnLm8e57KcLFppl77uOZyO0IJ0lyK6P30ouSxuYIW3aHbW+p3pVYBE+J -aqF3mNxSh9xQRgXvxUB/CM3w/SMKkxXtkZMvhNSGFCShGQTNpjGfAgIwOZD8mNFi -WvYbPgzwfeE4tsaStZ91SZ8wf2nxdRXhybDXEOCAJvicP6IqYA1Zfr7RG2N3swK7 -JKLXW7tiVu+zbRYYFiWYX4FIWatIlsTjpD0GyuZs0j2PCEu80z1muFnrp/dGg3Bn -APGVzIrkFjKvmXfkuFZFPMWCL+u9cUgOMNGkMFDXrLppLL7aXCGrz3BWECg581Pr -dnUrrz/iEcXGDcnTJ3Ff+OidqdhdpVQz59Ek90TMd5iO+nZ+xeVjVzxdLHb82/wt -KlgXRpwTg3Q72xDSF84UmRSkk1M/V5AZMrZiy2RjIwtvLqIJ9ZpLAMnrwTTWRDjB -YurHHNWKjMVkdKCdbpBVGRjNmS6XYS6QukmA4M85d2r0Dmb8J6Gd6juHc3Essrz+ -3qEMKAcYsSWbQ5ZSMywUOzM74Dk+wUTf7jCJ1IsSqn8hYHOqvUSF0ftwXkdS1+cv -GT25iduAMCdTP15Qp57Wlhv9WCF8eOUoYKHiSpXcVa6XMqazLy4= -=Uqz2 +auf4EhAAkPiaUsEFju752S8RMKCC5LZtNMr++65TeX2I+QbvqR7jpcg8UhrVhonJ +0B/tEvaFcgYg8XjtHcRUMc5UzXRnZRu/a9+AzD2WbdZz/VqQSPVN1pAILXnYiZV4 +SbmbKoavKzzQyXD9HTiElWCaOSau1dZYJj9CkhMarN63H5A+PNSD+v2TOcsK7S9h +Yvt4EYjq64CNO7BYY9vIUQEZkJfaoh2lLTOQYbaAgNbEa1+V4l7Kctzx0HpfrvmP +GyUyuvyIsBrtQA9xOYdhiet4qiORTNgVEsZc5k5mnpvvOOAyC5Ela/pqIM6VBmgv +9PS3RZkoEFblcJWbDb48sNfqVxXxG7NHMsun5YXA0eglmNQC/+pwibUZeJ4sTPLd +3qkm1uPxmHJPvp6zu/uVJSc+f8uJtMl7i2XmNVg0bdzzvcNkiCYR6TdhqZbDlJ+s +BjgSVjY5tH83t9F8yaenKBrtHLk3ybwKBMQ/T/nwfBnZtUtN6n3EHTWZxrroilCB +ein8XGKu4G2NuPcnY8X4Yn13LWHe/b46tj1nkvp+qkb+tN9tg7rsueoyJqLdM3k2 +/KxAPKNgAgP05r7hIgJGEtblTaxvLIP+RvkuyRW9B0XSxfYUNPd9anIOQTMCTm3L +WFSYxQaW823LiKA3DvC7rw+8k9Jmcc7dVXaN1pwQMAroAxGhBM0= +=E16f -----END PGP SIGNATURE----- Modified: head/share/security/advisories/FreeBSD-SA-17:10.kldstat.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-17:10.kldstat.asc Tue Nov 21 02:25:11 2017 (r51208) +++ head/share/security/advisories/FreeBSD-SA-17:10.kldstat.asc Tue Nov 21 03:48:36 2017 (r51209) @@ -10,7 +10,8 @@ Topic: Information leak in kldstat(2) Category: core Module: kernel Announced: 2017-11-15 -Credits: TJ Corley +Credits: Ilja van Sprundel + TJ Corley Affects: All supported versions of FreeBSD. Corrected: 2017-11-15 22:34:15 UTC (stable/11, 11.1-STABLE) 2017-11-15 22:49:47 UTC (releng/11.1, 11.1-RELEASE-p4) @@ -24,6 +25,13 @@ For general information regarding FreeBSD Security Adv including descriptions of the fields above, security branches, and the following sections, please visit . +0. Revision history + +v1.0 2017-11-15 Initial release. +v1.1 2017-11-20 Corrected credit. Ilja van Sprundel first reported the + issue to the project, but wasn't cited. The FreeBSD + Security Team apologizes to Ilja for this oversight. + I. Background The kldstat(2) syscall provides information about loaded kld files. The @@ -118,19 +126,19 @@ The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxhRfFIAAAAAALgAo +iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloToOxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P -audjZhAA29uguakBjkQtnAlWceN0BOQlkp03iYQh61dFpdH98f7RQcr5cq77XKrM -pkONtdEVbZNF9g6sly6n9dq5ivAuC9K1KGPtylMcPzHLTzDtV1B13vk2iwwgqkZ7 -GgB+m305kcL85knaASn3PBYwKTKzGOrhZFUZuTTI4VAnbbEmIwTHnJlVHvNwFDIj -je1XxdDBr4jq7SdCZH8YW9LZAMDi9b+0hg72u20ZQ66uNeadxN4i9DuWtMeHJHb7 -2aZRtHhdw4imryUpHM4FnCp5zp9V87Gyv4wy7IrkOKYtbl4nWqxqVakL7T9yVmY5 -Q4cGqreYq8bF2aM3LyT26VmDfMOovovHJpCRHf9fvlIMj6ajS39FKWMkEeU23ykg -EiTNk090h/G3REWiPnWjbxt8VGnFGyLe3K1VQqUvS+LlQ4lc45WCJnEHcpbvXT/E -TNTQ/85nE4BklV1d9wiLy26C21W92IguZam0HdRYJHgEc9Mug+62MfqDzHf0w5HP -3pu8IV5KMwEjGxzaiDMETIZU+K5fkdzPDNBhscxZ6OOab4zQ0+pZgdT1CSbXV6Ru -xuOjSyBdz5vVdbq/298VJJ7hNyoP1MgnyaxPrG2ImNDKjUGqbtOgv0m3ISqtsyfs -pEvyO2MxWWZqdNhtGJuQpOYyzAMxfJdmdOz1PMFFayQiBR7F0ao= -=N2rs +audl/RAAkPqcGvCMAHucBtZH2sySvM/1L1NTl0I61eJaDqgnjooo3hRq5J/dlNlt +zo48o2W0EOnr8QWJhVg1oADY5qxBVm8RldpAH1Y7lU1Pk1gw6buTvmlat9Y0TaRm +i3WCYe/yzC9X50x12dSu2QCeir+HDHrHB72KQDxPJak21e8BKq8vSq4cV3+K32IF +MmC0yTkwXM7JJti1wkztiNSwvcCT5cI0EOZrHxDOJk57zhmuUw3t+42mr4uZhLpd +Um/Hmqt3TS1LlL/swCcayeJGI5lrnfnIMZEUJj9aJZcRry6xrtaeppvgm3rP8Bym +IYBipTU16MGVU6PEdpxXZCkmhzrb5XkAHNnRbod/Ye4g5a+3tWeaivjxbrNRsJyc +7HkuvW41LX1+hJ2DJ/IJGKhz0yP+7//pXNJIkcF1iKOVnVIxz+49KPjj3ZHYhGu2 +oI/w4EMTd4ODXmE+bZkwGGm3nbxlH3AIZmBL2x1MdmfO/NjUlB3tYupZ7K/wR/PD +V0OdrZTua7EpYSUDg04xuNkkxRwFMIVQ3XtE1HNCuV0BtQqZOcecKh9Alci5ZT6n +r+F3HhFthNsafwdXLka5zDev/qtSSxggZ75fj+BxPfCoQZSlYkegFg/9K1hXlE+c +H22TsCXMpLokZUKj2XKJQ8RsEZQ5Yr6wEFjsWHoeK5CPh/DyAYE= +=dgLX -----END PGP SIGNATURE-----