os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Correct a few small details in advisories.

Browse source 
EN-19:10.scp: Fix revision number.
SA-19:07.mds: Fix quoting issue in HT disable example.

Approved by:	so
This commit is contained in:
Gordon Tetlow 2019-05-15 19:52:47 +00:00
parent a92dbc5e1c
commit 91d1d749e2
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=53030
2 changed files with 34 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

33
share/security/advisories/FreeBSD-EN-19:10.scp.asc
View file

@ -12,7 +12,7 @@ Module: scp
Announced: 2019-05-14
Affects: All supported versions of FreeBSD.
Corrected: 2019-05-07 19:48:39 UTC (stable/12, 12.0-STABLE)
2019-05-14 22:54:17 UTC (releng/12.0, 12.0-RELEASE-p10)
2019-05-14 22:54:17 UTC (releng/12.0, 12.0-RELEASE-p4)
CVE Name: CVE-2019-6111
For general information regarding FreeBSD Errata Notices and Security
@ -20,6 +20,11 @@ Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
0. Revision history
v1.0 Initial release.
v1.1 Correct patch level for 12.0-RELEASE.
I. Background
scp(1) is a file transfer protocol running over an SSH session.
@ -107,19 +112,19 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:10.scp.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTq1fFIAAAAAALgAo
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcbW5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJXGQ/+Ii19QUq6MdSeNPPOHVTtW8G/FIlsaYYlCFooIvzxYxvcqDcCyabVlX/a
Lt815YY7+EbKcSbA0Gh/YFm9S05rwUg4Dnj8nIQwMVp9OEtziIdY6TVU0JhRoUpe
+YVG9e5eh8wK7FFJ/jIaZbAcr2MfMYV2KPouA1HZdqsMBkAkr8xuS3HrmkeE0nxo
6QHTWaaD7qvr8foUSHS1hJsAX3+1eIsdytGUTJIGeL6g7DWsLYYiX7v2k+eZuSe1
dkt7/3J+RqpyJAv+LfGh3QnILC52fO7jOVlnOBt5H/HefX+xRdb8lwHfoBeyxIFc
N4v4Ecypewci6Hv4moTeZF+FtIETHj3EfPIe04eiikiGhrpGQ4cCveK6+kk49x4m
RR7TE+y7klGIfoSuxoooaJ1/UyFJ9T0eICmBUh1B5rcrnwbbhgpXVPpbbee7IFL2
HYiEuDECPN45zek+bL0M5D0wHZc823e7p1Ioxl1NNzawdts7hWwIpNmFTlfWNczQ
KZ9y0bDFffK3nuUkMHORLagCM6ou/wAPunsnWXY3Xg3X61svYIvZThDIeeOi9SbF
d1ve8/H/t5yHRQBpqWk51FfO4RdPmQAo6Y9w9WzhnkETsNXeTruQq7D8SnOaWgXG
JUh9PAVQKcJRWPXVwDTPEsqRgaDVB0gpaPCt5IS2j2tyB8UuAd4=
=2h+W
5cKguw/8CMcd4L1gguK2Dds49Ans3TYg1GxCuH10+tPId0n4Iee2rBXMRrGyMWd6
LoCT3UV5lQUKYwC+K0E/y/516pqvwdchkkgzZQpG6HZv3mLjTb3QJM57KUZRgXHe
XF2vBwxHehteEUg+B+IEidBKdPWF88OQZyJr5GINgOnoqgS/PL4kpPjFhbWsYvDb
QGfoKkDxdu+Tz/s/1Y93a6OiTM5KAuTyAuftBe7znwF0I6wIMQzTYyu644TlS+Dk
HTTVzvm362zIiKW22qCr+jb9W6YPo/+RIYNmn1JIsay4tNcod61JQI0j+hH21Bjb
wfR0Ab0y/kGOfGnMbBr1LBWP8en48SnylFHgy3Fwmt4+ax+EwDwKoMNQHp0ceD84
n4f4tJ9Njqnkw963wijl+cUwgWP5u8fhUmnf8ExdSUb1bHxtGhiSl5XRP1w7mhQB
LD1M1vvc9NJe0tYCzTzthTmeTO9reGyGcuNTzb5JekTytKGE2uxY7ZJOcLgD/A2B
A4lI0+70fJKdLD+XyulM9+yoMeYgKSm6SYAM1ZSPNOda6Gc7L+NnpTdZNS3LY9zb
A15g4rreEmXacW4t+bG14Jb1E7YP8LEBhhrBMC1Hr/NZEh7HqW2dZmP4m1O1S1oV
CxxGFLGbuk/7RTuqy3rk8rMrErd1yYVV15KWZA+wMCM13wIVxsk=
=5Puz
-----END PGP SIGNATURE-----

29
share/security/advisories/FreeBSD-SA-19:07.mds.asc
View file

@ -30,6 +30,7 @@ v1.0 2019-05-14 Initial release.
v1.1 2019-05-15 Fixed date on microcode update package.
v1.2 2019-05-15 Userland startup microcode update details added.
Add language specifying which manufacturers is affected.
v1.3 2019-05-15 Minor quoting nit for the HT disable loader config.
I. Background
@ -58,7 +59,7 @@ manufacturers (eg, AMD) are not believed to be vulnerable.
Systems with users or processors in different trust domains should disable
Hyper-Threading by setting the machdep.hyperthreading_allowed tunable to 0:
# echo 'machdep.hyperthreading_allowed=0 >> /boot/loader.conf'
# echo 'machdep.hyperthreading_allowed=0' >> /boot/loader.conf
# shutdown -r +10min "Security update"
V. Solution
@ -193,19 +194,19 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:07.mds.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcU9dfFIAAAAAALgAo
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcbGNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKG7Q//XEf1kFc8JABZtSQT5XEP+J/CKMF+W+CqVmV6vLNimOeWVaw5BBWbtbhI
7BENuQRw2NcUbwrhwR+KYKWUN0rF0VQOk+m8JMYQxTu1WQfI9J8HDTXjmp1mfrx4
CbEjHuHCvGjezdURR0GIfAfkMjfDUEPEq05svPrEFIh2s4QagF7V2gunwNgprXJV
ZzlA2IEUCx2KFbgbPjIJDY7ED0/VXrNeZU9G4R4t9+QSD2r21cF4kax8DLi5Rtz4
ducXhT5dG+reZXye6c+eryJvjBPEwI9zHth0xLMGHDJUeLAOUkZpNsciuEeNu96O
1EkGqYBKpJGcvsYBnYM0mD2Z23khqxEHWArIluJeVkdezlvREB42nLHQ9oin3opH
ojdh57lkppQqVZ9GTHqQLRVbawiC7oNNWzoYq+ANSReqiIkpPCC3z3NsGDo1oYLK
suMOAtxwPe6qq2Q9voN5lgHNR5w/x2uKxdYx8G8C40ynoFb1W1dQNdGVtmfRpvO5
lvZGWNsmxWBrlYlm8onpulw1WsPgOp9TmhIAO1IZHVhgsaoF9i1hu/BumOTjiQo0
Md4IiGAdPkU7nC3MjDm9jsD+bC6GaXwXkyryi1bpNE2feXVg4lvznyah2wQR2VVq
+R3H0+iTHCOS9fEvWWpRIZWL2AfU78O+c/go9ZqqQvGAxVR/UwM=
=pDA1
5cIlKw/+MxbSJYXnq2icpzhouV84BYjLSO4INwckgtYRnHNuS3DnxFctbu4NMqLp
JIualHdDoX3qSbiZrZ0sEY5+gvFrfgOfIbtsSopT3qnyBKF2w97M1lYxI8ylnGRM
pYv+pV4MVvagl8xwvhScHq2ylSLU0x6tN2UV2htD98coaEnzNNAiPU049p8Hd3vk
29kZPr9nYNRqww3kacoWUoLhv5JF11P0Ez0Xh+YVU2kuvV7uh/Q1RVvtr94T30wk
xQSQCoHfeNQFP/S/Mz4aze2p/NgZkEcNXl2JgZMBiMcoKHuIWCUSCLG3zVfCnDwl
AANWt3q+LJI/dQ/6BWUuc7qejuQx2/qBjoPILbi9yf3/MS5waouOaGn04iQQhKcQ
iE4g4YqyyeZYY7A8BGZedu8vICq4C5BluLUzLuvGdWW8sRTaRNgnCz5Pl3mzPU9k
rbvlk6vO97z7TURdS8DeCcxwyiNsLTeFjZBHrZK+k1xLcKuFGCq4/nv/HHNiW0/e
jOUwycDhd2W3zmRDwtnnwu6/49K/qK029b2wBmQdLOW7EDBVrBsPiFSuhBw3QCJg
j4zPv6o9r7PheqcnTTEMJm4ZWVeCMFLoXMz4C7CICoZHLUaRxx+BTQyu6wnz2/f+
Ivm/MrtmtVegZwI2oF+rl9PNSMr+jpPdj5QHHPM/J5ETiwKPoPI=
=W6aR
-----END PGP SIGNATURE-----