os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Correct a few small details in advisories.

Browse source 
EN-19:10.scp: Fix revision number.
SA-19:07.mds: Fix quoting issue in HT disable example.

Approved by:	so
This commit is contained in:
Gordon Tetlow 2019-05-15 19:52:47 +00:00
parent a92dbc5e1c
commit 91d1d749e2
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=53030
2 changed files with 34 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
share/security/advisories/FreeBSD-EN-19:10.scp.asc
View file

@ -12,7 +12,7 @@ Module: scp
Announced: 2019-05-14 Announced: 2019-05-14
Affects: All supported versions of FreeBSD. Affects: All supported versions of FreeBSD.
Corrected: 2019-05-07 19:48:39 UTC (stable/12, 12.0-STABLE) Corrected: 2019-05-07 19:48:39 UTC (stable/12, 12.0-STABLE)
2019-05-14 22:54:17 UTC (releng/12.0, 12.0-RELEASE-p10) 2019-05-14 22:54:17 UTC (releng/12.0, 12.0-RELEASE-p4)
CVE Name: CVE-2019-6111 CVE Name: CVE-2019-6111
For general information regarding FreeBSD Errata Notices and Security For general information regarding FreeBSD Errata Notices and Security
@ -20,6 +20,11 @@ Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>. <URL:https://security.FreeBSD.org/>.
0. Revision history
v1.0 Initial release.
v1.1 Correct patch level for 12.0-RELEASE.
I. Background I. Background
scp(1) is a file transfer protocol running over an SSH session. scp(1) is a file transfer protocol running over an SSH session.
@ -107,19 +112,19 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:10.scp.asc> <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:10.scp.asc>
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTq1fFIAAAAAALgAo iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcbW5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJXGQ/+Ii19QUq6MdSeNPPOHVTtW8G/FIlsaYYlCFooIvzxYxvcqDcCyabVlX/a 5cKguw/8CMcd4L1gguK2Dds49Ans3TYg1GxCuH10+tPId0n4Iee2rBXMRrGyMWd6
Lt815YY7+EbKcSbA0Gh/YFm9S05rwUg4Dnj8nIQwMVp9OEtziIdY6TVU0JhRoUpe LoCT3UV5lQUKYwC+K0E/y/516pqvwdchkkgzZQpG6HZv3mLjTb3QJM57KUZRgXHe
+YVG9e5eh8wK7FFJ/jIaZbAcr2MfMYV2KPouA1HZdqsMBkAkr8xuS3HrmkeE0nxo XF2vBwxHehteEUg+B+IEidBKdPWF88OQZyJr5GINgOnoqgS/PL4kpPjFhbWsYvDb
6QHTWaaD7qvr8foUSHS1hJsAX3+1eIsdytGUTJIGeL6g7DWsLYYiX7v2k+eZuSe1 QGfoKkDxdu+Tz/s/1Y93a6OiTM5KAuTyAuftBe7znwF0I6wIMQzTYyu644TlS+Dk
dkt7/3J+RqpyJAv+LfGh3QnILC52fO7jOVlnOBt5H/HefX+xRdb8lwHfoBeyxIFc HTTVzvm362zIiKW22qCr+jb9W6YPo/+RIYNmn1JIsay4tNcod61JQI0j+hH21Bjb
N4v4Ecypewci6Hv4moTeZF+FtIETHj3EfPIe04eiikiGhrpGQ4cCveK6+kk49x4m wfR0Ab0y/kGOfGnMbBr1LBWP8en48SnylFHgy3Fwmt4+ax+EwDwKoMNQHp0ceD84
RR7TE+y7klGIfoSuxoooaJ1/UyFJ9T0eICmBUh1B5rcrnwbbhgpXVPpbbee7IFL2 n4f4tJ9Njqnkw963wijl+cUwgWP5u8fhUmnf8ExdSUb1bHxtGhiSl5XRP1w7mhQB
HYiEuDECPN45zek+bL0M5D0wHZc823e7p1Ioxl1NNzawdts7hWwIpNmFTlfWNczQ LD1M1vvc9NJe0tYCzTzthTmeTO9reGyGcuNTzb5JekTytKGE2uxY7ZJOcLgD/A2B
KZ9y0bDFffK3nuUkMHORLagCM6ou/wAPunsnWXY3Xg3X61svYIvZThDIeeOi9SbF A4lI0+70fJKdLD+XyulM9+yoMeYgKSm6SYAM1ZSPNOda6Gc7L+NnpTdZNS3LY9zb
d1ve8/H/t5yHRQBpqWk51FfO4RdPmQAo6Y9w9WzhnkETsNXeTruQq7D8SnOaWgXG A15g4rreEmXacW4t+bG14Jb1E7YP8LEBhhrBMC1Hr/NZEh7HqW2dZmP4m1O1S1oV
JUh9PAVQKcJRWPXVwDTPEsqRgaDVB0gpaPCt5IS2j2tyB8UuAd4= CxxGFLGbuk/7RTuqy3rk8rMrErd1yYVV15KWZA+wMCM13wIVxsk=
=2h+W =5Puz
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

29
share/security/advisories/FreeBSD-SA-19:07.mds.asc
View file

@ -30,6 +30,7 @@ v1.0 2019-05-14 Initial release.
v1.1 2019-05-15 Fixed date on microcode update package. v1.1 2019-05-15 Fixed date on microcode update package.
v1.2 2019-05-15 Userland startup microcode update details added. v1.2 2019-05-15 Userland startup microcode update details added.
Add language specifying which manufacturers is affected. Add language specifying which manufacturers is affected.
v1.3 2019-05-15 Minor quoting nit for the HT disable loader config.
I. Background I. Background
@ -58,7 +59,7 @@ manufacturers (eg, AMD) are not believed to be vulnerable.
Systems with users or processors in different trust domains should disable Systems with users or processors in different trust domains should disable
Hyper-Threading by setting the machdep.hyperthreading_allowed tunable to 0: Hyper-Threading by setting the machdep.hyperthreading_allowed tunable to 0:
# echo 'machdep.hyperthreading_allowed=0 >> /boot/loader.conf' # echo 'machdep.hyperthreading_allowed=0' >> /boot/loader.conf
# shutdown -r +10min "Security update" # shutdown -r +10min "Security update"
V. Solution V. Solution
@ -193,19 +194,19 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:07.mds.asc> <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:07.mds.asc>
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcU9dfFIAAAAAALgAo iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcbGNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKG7Q//XEf1kFc8JABZtSQT5XEP+J/CKMF+W+CqVmV6vLNimOeWVaw5BBWbtbhI 5cIlKw/+MxbSJYXnq2icpzhouV84BYjLSO4INwckgtYRnHNuS3DnxFctbu4NMqLp
7BENuQRw2NcUbwrhwR+KYKWUN0rF0VQOk+m8JMYQxTu1WQfI9J8HDTXjmp1mfrx4 JIualHdDoX3qSbiZrZ0sEY5+gvFrfgOfIbtsSopT3qnyBKF2w97M1lYxI8ylnGRM
CbEjHuHCvGjezdURR0GIfAfkMjfDUEPEq05svPrEFIh2s4QagF7V2gunwNgprXJV pYv+pV4MVvagl8xwvhScHq2ylSLU0x6tN2UV2htD98coaEnzNNAiPU049p8Hd3vk
ZzlA2IEUCx2KFbgbPjIJDY7ED0/VXrNeZU9G4R4t9+QSD2r21cF4kax8DLi5Rtz4 29kZPr9nYNRqww3kacoWUoLhv5JF11P0Ez0Xh+YVU2kuvV7uh/Q1RVvtr94T30wk
ducXhT5dG+reZXye6c+eryJvjBPEwI9zHth0xLMGHDJUeLAOUkZpNsciuEeNu96O xQSQCoHfeNQFP/S/Mz4aze2p/NgZkEcNXl2JgZMBiMcoKHuIWCUSCLG3zVfCnDwl
1EkGqYBKpJGcvsYBnYM0mD2Z23khqxEHWArIluJeVkdezlvREB42nLHQ9oin3opH AANWt3q+LJI/dQ/6BWUuc7qejuQx2/qBjoPILbi9yf3/MS5waouOaGn04iQQhKcQ
ojdh57lkppQqVZ9GTHqQLRVbawiC7oNNWzoYq+ANSReqiIkpPCC3z3NsGDo1oYLK iE4g4YqyyeZYY7A8BGZedu8vICq4C5BluLUzLuvGdWW8sRTaRNgnCz5Pl3mzPU9k
suMOAtxwPe6qq2Q9voN5lgHNR5w/x2uKxdYx8G8C40ynoFb1W1dQNdGVtmfRpvO5 rbvlk6vO97z7TURdS8DeCcxwyiNsLTeFjZBHrZK+k1xLcKuFGCq4/nv/HHNiW0/e
lvZGWNsmxWBrlYlm8onpulw1WsPgOp9TmhIAO1IZHVhgsaoF9i1hu/BumOTjiQo0 jOUwycDhd2W3zmRDwtnnwu6/49K/qK029b2wBmQdLOW7EDBVrBsPiFSuhBw3QCJg
Md4IiGAdPkU7nC3MjDm9jsD+bC6GaXwXkyryi1bpNE2feXVg4lvznyah2wQR2VVq j4zPv6o9r7PheqcnTTEMJm4ZWVeCMFLoXMz4C7CICoZHLUaRxx+BTQyu6wnz2/f+
+R3H0+iTHCOS9fEvWWpRIZWL2AfU78O+c/go9ZqqQvGAxVR/UwM= Ivm/MrtmtVegZwI2oF+rl9PNSMr+jpPdj5QHHPM/J5ETiwKPoPI=
=pDA1 =W6aR
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----