From owner-freebsd-security@freebsd.org Wed May 15 03:07:41 2019
Date: Wed, 15 May 2019 10:36:55 +0800 (GMT+08:00)
From: 361163 <361163@163.com>
To: freebsd-security
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:07.mds
In-Reply-To: <20190515000302.4BFF51AB7B@freefall.freebsd.org>
Message-ID: <39f66405.9747.16ab9598fe6.Coremail.361163@163.com>
Content-Type: text/plain; charset=GBK
Content-Transfer-Encoding: base64

From owner-freebsd-security@freebsd.org Wed May 15 07:24:56 2019
From: grarpamp
Date: Wed, 15 May 2019 03:24:54 -0400
Subject: ZombieLoad Attack: Intel Exploits You... Again!
To: freebsd-security@freebsd.org
Cc: freebsd-questions@freebsd.org
Content-Type: text/plain; charset="UTF-8"

https://zombieloadattack.com/
https://zombieloadattack.com/zombieload.pdf
https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
https://github.com/IAIK/ZombieLoad
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130
https://www.youtube.com/watch?v=wQvgyChrk_g

FreeBSD people... See linux patches in and update your microcode, ports, etc.

ZombieLoad Attack

Watch out! Your processor resurrects your private browsing-history and other sensitive data.

After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.

While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.

The attack does not only work on personal computers but can also be exploited in the cloud.

We verified the ZombieLoad attack on Intel processor generations released from 2011 onwards.

ZombieLoad in Action

In our demo, we show how an attacker can monitor the websites the victim is visiting despite using the privacy-protecting Tor browser in a virtual machine.