From owner-freebsd-security@freebsd.org Fri Apr 29 16:36:26 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B84A5B2138B for ; Fri, 29 Apr 2016 16:36:26 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id AA82D17DE; Fri, 29 Apr 2016 16:36:26 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by freefall.freebsd.org (Postfix) with ESMTP id F1237116C; Fri, 29 Apr 2016 16:36:25 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Date: Fri, 29 Apr 2016 06:46:36 +0000 From: Glen Barber To: gabor@zahemszky.hu Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp Message-ID: <20160429064636.GN1804@FreeBSD.org> References: <20160429082953.DB31D1769@freefall.freebsd.org> <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="EmwFttYoLalE/5Ab" Content-Disposition: inline In-Reply-To: <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu> X-Operating-System: FreeBSD 11.0-CURRENT amd64 X-SCUD-Definition: Sudden Completely Unexpected Dataloss X-SULE-Definition: Sudden Unexpected Learning Event X-PEKBAC-Definition: Problem Exists, Keyboard Between Admin/Computer User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2016 16:36:26 -0000 --EmwFttYoLalE/5Ab Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 29, 2016 at 01:13:21PM +0200, gabor@zahemszky.hu wrote: > >2) To update your vulnerable system via a binary patch: > > > >Systems running a RELEASE version of FreeBSD on the i386 or amd64 > >platforms can be updated via the freebsd-update(8) utility: > > > ># freebsd-update fetch > ># freebsd-update install >=20 > Both on an i386 and on an amd64 machine, I got: >=20 > =3D=3D=3D=3D > .... > Fetching metadasa signature for 10.3-RELEASE from update5.freebsd.org... > done > Fetching metadata index.... done >=20 > The update metadata is correctly signed, but > failed an integrity check. > Cowardly refusing to proceed any further. This is being investigated within secteam@. Glen --EmwFttYoLalE/5Ab Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXIwNMAAoJEAMUWKVHj+KT1boQAKFGYzLrD0g7krTy3kPo4lP+ ywAo8gW8rC4f0mcD5n3dkhreJHcAQjguRqFz3AeIHS770aJSTF+uojm0QqdxLjlO 04DLjKFcXDMarS6EZR+2afdPoGWyPKmPsDHxX+5mNOOpMnTbQEUy8Nb6gY7knLZZ ZYekcpvy/A0nhI/SGANGg5Oq96hdEjcr9z19P+3GC6yyE/eLaAYKIFMzQFXaSd0m 72m74MW88fBOzY2SKtxNB2mBQa6fMdn2/sQNmZkZpnH5xuNcJbYCMhTQ+2dVFey4 dQOwJ4LMfyObVIl20oOlefoWHaWccZ9qjhTCm0uojviilw4wSvqwoN/mLi0vUGCZ Dqs6wci04oD7lJLLYnc52B0OxbGc2Sb0UYFX+zUWHaer10O3CLVVf6ffUKEZDxIE /yul3h/N0sS7uQySZo89LofoJB9Y2dDCAPNVGlGFeSIi42u6R5KioK8s56wcVx9h ieNRoWHQPn05/jKJhmiR8UxA0J2PY7QyLPnYwiXMtRZ4Nbz5GDwUq4Q8CYYB+X2v PxioCB++qXLRrIC2sv7h/07SCgCjINzM6dJx3cG86STCtF4766a+HKqu4+u4Is0C ePV56XOs2ddCEWUxeVI4RIU7sgjjJHxuV81xcw2P+dT2ScfctH/zJzMXrKnUIryz 060A1qFAtVisx+TmykaA =BhCA -----END PGP SIGNATURE----- --EmwFttYoLalE/5Ab--