Add SA-15:21.amd64, SA-15:22.openssh, EN-15:14.ixgbe and EN-15:15.pkg.
This commit is contained in:
parent
a34f8cc55c
commit
9c7cd2396b
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=47309
14 changed files with 826 additions and 0 deletions
121
share/security/advisories/FreeBSD-EN-15:14.ixgbe.asc
Normal file
121
share/security/advisories/FreeBSD-EN-15:14.ixgbe.asc
Normal file
|
@ -0,0 +1,121 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-15:14.ixgbe Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Disable ixgbe(4) flow-director support
|
||||
|
||||
Category: core
|
||||
Module: ixgbe
|
||||
Announced: 2015-08-25
|
||||
Credits: Marc De La Gueronniere (Verisign, Inc.)
|
||||
Affects: FreeBSD 10.1
|
||||
Corrected: 2014-10-11 22:10:39 UTC (stable/10, 10.1-STABLE)
|
||||
2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.freebsd.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
Flow director is an Intel technology to steer incoming packets in application
|
||||
aware fashion.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
Flow director support is not completely/correctly implemented in FreeBSD at
|
||||
this time.
|
||||
|
||||
III. Impact
|
||||
|
||||
Enabling flow director support may cause traffic to land on a wrong RX queue
|
||||
of the NIC, resulting in bad or sub-optimal performance on the receive side.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but systems that do not have Intel(R) 82559
|
||||
series 10Gb Ethernet Controllers are not affected.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
2) To update your present system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
3) To update your present system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:14/ixgbe.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:14/ixgbe.patch.asc
|
||||
# gpg --verify ixgbe.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile your kernel as described in
|
||||
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
||||
system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/10/ r272967
|
||||
releng/10.1/ r287146
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
The latest revision of this Errata Notice is available at
|
||||
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:14.ixgbe.asc
|
||||
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.7 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJV3NfOAAoJEO1n7NZdz2rnImEP/j4kfmZ2XqZ/zbQINCPfybyU
|
||||
oSIgqyD6u4G/hy3gS4k7eLk6tQdUpnYzcoLLfeq0F2uY3DmWXJDBAKG0Bg7QaSzJ
|
||||
3wWyZsN6XHkgNNCFGFsmep//8kAAXoAgJ2IoIPLe6eRHimESLtW2xlnow5PFL4Aw
|
||||
JMj5B/RoxtQZ/phE1zJym7eSpjVUbBrqhj/KkJUZ0W6WOkaT0GPVctvHlc2buZh7
|
||||
6u17LKgZaMMmmCvBNggkYGfiE51aJ9I0n5FdAHvlcaLCw+K58/Q6M2CRpMIorgh6
|
||||
uaUHLZdT8VcZ8KVmDdBul0sZ9pkprHZ4J/htEL2mCOpmsRn/lduHAvf921mtX/64
|
||||
Msg8bdXM48Q5WCv9sfcmMVgMA+6m+MekKc9wKYWw6Ldy0wcQ874jE+nuh3KBq+6X
|
||||
Te4VbxrwuAnspqrnt4Q4NXnqxyElO0BGo6lCSEUGCRje+hlOWG2WhftEV894cRG+
|
||||
JCS6YRvX5C7i8+XD+MhvTeAi7pbaZkq6ODxQAOZgbz4JMQFq8ldOgvLdhUndKGlH
|
||||
xJ9/pK4u5kxXyVx4HPGm0MYlijjHDi/sSAJADutikpNOzlhyZqubA8LgLoBXtyfF
|
||||
/Kk3GYOJvOMSK8QB7YxFRS+zPi1YxAFPEJb7ZV2ygf6RMZpIFoRLFt1kDszo+TeZ
|
||||
iKXcFJvlwI49poLiz7Qs
|
||||
=i/HZ
|
||||
-----END PGP SIGNATURE-----
|
132
share/security/advisories/FreeBSD-EN-15:15.pkg.asc
Normal file
132
share/security/advisories/FreeBSD-EN-15:15.pkg.asc
Normal file
|
@ -0,0 +1,132 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-15:15.pkg Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Insufficient check of unsupported pkg(7) signature methods
|
||||
|
||||
Category: core
|
||||
Module: pkg
|
||||
Announced: 2015-08-25
|
||||
Credits: Fabian Keil
|
||||
Affects: All supported versions of FreeBSD.
|
||||
Corrected: 2015-08-19 18:32:36 UTC (stable/10, 10.2-STABLE)
|
||||
2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RC3-p2)
|
||||
2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RELEASE-p2)
|
||||
2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
|
||||
2015-08-19 18:33:25 UTC (stable/9, 9.3-STABLE)
|
||||
2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24)
|
||||
CVE Name: CVE-2015-5676
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.freebsd.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The pkg(8) utility is the package management tool for FreeBSD. The base
|
||||
system includes a pkg(7) bootstrap utility used to install the latest pkg(8)
|
||||
utility.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
When signature_type specified in pkg.conf(5) is set to an unsupported method,
|
||||
the pkg(7) bootstrap utility would behave as if signature_type is set to
|
||||
"none".
|
||||
|
||||
III. Impact
|
||||
|
||||
MITM attackers may be able to use this vulnerability and bypass validation,
|
||||
installing their own version of pkg(8).
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but the default FreeBSD configuration is not
|
||||
affected because it uses "fingerprint" method.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
2) To update your present system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
3) To update your present system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:15/pkg.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:15/pkg.patch.asc
|
||||
# gpg --verify pkg.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/9/ r286936
|
||||
releng/9.3/ r287147
|
||||
stable/10/ r286935
|
||||
releng/10.1/ r287146
|
||||
releng/10.2/ r287145
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5676>
|
||||
|
||||
The latest revision of this Errata Notice is available at
|
||||
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:15.pkg.asc
|
||||
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.7 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJV3NfOAAoJEO1n7NZdz2rnzHwP/30xvOZqHSRYMykrkQKcIVH7
|
||||
Vhp0lp1z7KaDBq7xD0m08i2WSr0/pSaBU+At141iSKwvCPS0Szx307kZBO9a8gxw
|
||||
j7s6Z15qychKKGukJ5tJtKX4Q3mqAtjBoCC8wmwmJ/YNmr4HrZRL2vFp7nqAiyhl
|
||||
ntTcSuwEElBoalufeMHWd46eguRO/r9D8uWw+O7a+lLeJO9ThjnNZXOPyMfUE3Yh
|
||||
QoFpVcVdf+j6gIGUuPwNsfy4e6hBNvD0T47+PTBECTykiC1eoX+VXqf8PxKKWSOJ
|
||||
50sKgXOtRy55dMtWbXhu5zjq4jzWFWtBPIRHM5SH/7V898S7zMerh81bsczBUqEA
|
||||
aBu1XJS1fZHlXKlav6/m/G1Wo4QgscBUsV6PhsFNpFmvAdEW2qjnH887FBm7I/Fv
|
||||
a3wvxMmQX1ABPbavFCUZmfS4khLFITYD77XLo8ciu/fyAz/X9n9p1F2EsbL8djis
|
||||
TcTuyUVv3YXeq+gJ9OcOH4CFsYSNlKEYiAd86/9DBnsiVrQJqNzqx+roHjL7ZXg6
|
||||
AA/pqHmOEBq01idYh7PadOf+B5cU5A1CFMhjfpF1qe1yeuFFM30U7ugxjgV4w85O
|
||||
UFotAbyDlftUzeYYTQv2bK6oXzqtVagkhB/xXfQzPK9E3AnysfHA/bLysop7AMyZ
|
||||
CHeFaGA84VB1k9Ky5nSv
|
||||
=a+Ek
|
||||
-----END PGP SIGNATURE-----
|
139
share/security/advisories/FreeBSD-SA-15:21.amd64.asc
Normal file
139
share/security/advisories/FreeBSD-SA-15:21.amd64.asc
Normal file
|
@ -0,0 +1,139 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-SA-15:21.amd64 Security Advisory
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Local privilege escalation in IRET handler
|
||||
|
||||
Category: core
|
||||
Module: sys_amd64
|
||||
Announced: 2015-08-25
|
||||
Credits: Konstantin Belousov, Andrew Lutomirski
|
||||
Affects: FreeBSD 9.3 and FreeBSD 10.1
|
||||
Corrected: 2015-03-31 00:59:30 UTC (stable/10, 10.1-STABLE)
|
||||
2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
|
||||
2015-03-31 01:08:51 UTC (stable/9, 9.3-STABLE)
|
||||
2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24)
|
||||
CVE Name: CVE-2015-5675
|
||||
|
||||
For general information regarding FreeBSD Security Advisories,
|
||||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
FreeBSD/amd64 is commonly used on 64bit systems with AMD and Intel
|
||||
CPU's.
|
||||
|
||||
The GS segment CPU register is used by both user processes and the
|
||||
kernel to conveniently access state data: 32-bit user processes use the
|
||||
register to manage per-thread data, while the kernel uses it to access
|
||||
per-processor data.
|
||||
|
||||
The return from interrupt (IRET) instruction returns program control
|
||||
from an interrupt handler to the interrupted context.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
If the kernel-mode IRET instruction generates an #SS or #NP exception,
|
||||
but the exception handler does not properly ensure that the right GS
|
||||
register base for kernel is reloaded, the userland GS segment may be
|
||||
used in the context of the kernel exception handler.
|
||||
|
||||
III. Impact
|
||||
|
||||
By causing an IRET with #SS or #NP exceptions, a local attacker can
|
||||
cause the kernel to use an arbitrary GS base, which may allow escalated
|
||||
privileges or panic the system.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
||||
release / security branch (releng) dated after the correction date,
|
||||
and reboot the system.
|
||||
|
||||
2) To update your vulnerable system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
And reboot the system.
|
||||
|
||||
3) To update your vulnerable system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/SA-15:21/amd64.patch
|
||||
# fetch https://security.FreeBSD.org/patches/SA-15:21/amd64.patch.asc
|
||||
# gpg --verify amd64.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile your kernel as described in
|
||||
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
||||
system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/9/ r280877
|
||||
releng/9.3/ r287147
|
||||
stable/10/ r280875
|
||||
releng/10.1/ r287146
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5675>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:21.amd64.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.7 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJV3Ne8AAoJEO1n7NZdz2rn5ncQANs2pS8xCowX+BM9LmKTUb2Y
|
||||
eqGCvDetXV51/ljAOS10ubc4U0Zn2D5ACyz/DfiLIXVK8vkvlnJXFh3jSK6KIqPH
|
||||
ionXa8zMedBoytZL8xIEFSpk9+cYGkGupIYEGu6CCHVZGJ5fVgTlnnazuXd4evbt
|
||||
U1/7KNWt2H1R1j0YiYZ0MvhrIF35KqFmLOGf2JmZulqruwq91tYeMlv+7IY6vtPD
|
||||
L8n5kTM7pudB3qznXd1PBMj1Y6YVG1O3WL4Stfyj93qDuMbJ+wfnao1ZKMBG0az8
|
||||
IJITHrnTI+Xd4i/bbEoSmSN9V80S8uo/6J6JaXjtbrJfEqAMKhLrrcoMA7MHpKJQ
|
||||
L4dv2HGL1n7xfOIfj5Qo2io/LUSye5lO54LtEKZfjhzqsTtNQl57BDAYZgbQp2/A
|
||||
RsngIq3VrNcIJQK8F1Ba7SNL2+NVd091Wb+Z52837R5/D47jD2BhDia5eH6R5Opv
|
||||
6kfzTJujbLi6b9RSn0OT+wAQbQ80qSmD+IwMXwAAg0mukthjTiJpqabpMWvMmfGO
|
||||
mhfZBGqmf1Hx4lTczSRMLlRCmjOBc+BKioHT2ciE8QMX0WrHhkRuSBqY3euVTCMB
|
||||
9+iU7eJ23tARTbG5wMmBNRsWJzhOKieM0UEsXxso+z8tMMX1Vh/e9ls2qm+ks876
|
||||
WYT9/yPSsyU1z/AkHJU7
|
||||
=nHGY
|
||||
-----END PGP SIGNATURE-----
|
161
share/security/advisories/FreeBSD-SA-15:22.openssh.asc
Normal file
161
share/security/advisories/FreeBSD-SA-15:22.openssh.asc
Normal file
|
@ -0,0 +1,161 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-SA-15:22.openssh Security Advisory
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: OpenSSH multiple vulnerabilities
|
||||
|
||||
Category: contrib
|
||||
Module: openssh
|
||||
Announced: 2015-08-25
|
||||
Affects: All supported versions of FreeBSD.
|
||||
Corrected: 2015-08-25 20:48:44 UTC (stable/10, 10.2-STABLE)
|
||||
2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RC3-p2)
|
||||
2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RELEASE-p2)
|
||||
2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
|
||||
2015-08-25 20:48:44 UTC (stable/9, 9.3-STABLE)
|
||||
2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24)
|
||||
|
||||
For general information regarding FreeBSD Security Advisories,
|
||||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
OpenSSH is an implementation of the SSH protocol suite, providing an
|
||||
encrypted and authenticated transport for a variety of services,
|
||||
including remote shell access.
|
||||
|
||||
The PAM (Pluggable Authentication Modules) library provides a flexible
|
||||
framework for user authentication and session setup / teardown.
|
||||
|
||||
The default FreeBSD OpenSSH configuration has PAM interactive
|
||||
authentication enabled.
|
||||
|
||||
Privilege separation is a technique in which a program is divided into
|
||||
multiple cooperating processes, each with a different task, where each
|
||||
process is limited to the specific privileges required to perform that
|
||||
specific task, while the privileged parent process acts as an arbiter.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
A programming error in the privileged monitor process of the sshd(8)
|
||||
service may allow the username of an already-authenticated user to be
|
||||
overwritten by the unprivileged child process.
|
||||
|
||||
A use-after-free error in the privileged monitor process of he sshd(8)
|
||||
service may be deterministically triggered by the actions of a
|
||||
compromised unprivileged child process.
|
||||
|
||||
A use-after-free error in the session multiplexing code in the sshd(8)
|
||||
service may result in unintended termination of the connection.
|
||||
|
||||
III. Impact
|
||||
|
||||
The first bug may allow a remote attacker who a) has already succeeded
|
||||
by other means in compromising the unprivileged pre-authentication
|
||||
child process and b) has valid credentials to one user on the target
|
||||
system to impersonate a different user.
|
||||
|
||||
The second bug may allow a remote attacker who has already succeeded
|
||||
by other means in compromising the unprivileged pre-authentication
|
||||
child process to bypass PAM authentication entirely.
|
||||
|
||||
The third bug is not exploitable, but can cause premature termination
|
||||
of a multiplexed ssh connection.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but systems where ssh(1) and sshd(8) are
|
||||
not used are not vulnerable.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
||||
release / security branch (releng) dated after the correction date.
|
||||
|
||||
The sshd(8) service has to be restarted after the update. A reboot
|
||||
is recommended but not required.
|
||||
|
||||
2) To update your vulnerable system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
The sshd(8) service has to be restarted after the update. A reboot
|
||||
is recommended but not required.
|
||||
|
||||
3) To update your vulnerable system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/SA-15:22/openssh.patch
|
||||
# fetch https://security.FreeBSD.org/patches/SA-15:22/openssh.patch.asc
|
||||
# gpg --verify openssh.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
Restart the sshd(8) daemon, or reboot the system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/9/ r287144
|
||||
releng/9.3/ r287147
|
||||
stable/10/ r287144
|
||||
releng/10.1/ r287146
|
||||
releng/10.2/ r287145
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:22.openssh.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.7 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJV3Ne8AAoJEO1n7NZdz2rnxq8P/jW05a6zT9n78wxBuHwRJ9gx
|
||||
7+CN9AsezavW4HmZF4GmWt6SjnJqpLDMwnhceo7po6ZMIxjyWwxBWWfvUwVqezwa
|
||||
kT+DS7oHKmeZAwCSFMj9K25NN+x7KAwXXiiANcj4U4iU+q0YrcEGVIBKVqCAn3ly
|
||||
pJAkMxdTbwlWR7MaPaTMbMenVOs87b6Xx/4gfSBWolFWz9bKfdTYCxK/AnULVIZq
|
||||
Q7lShezEvgyCb8b6QLvnrY4AwHtVduiYxnvNKv8ysbaatZCarkRS8nh68zGcdTBg
|
||||
IyzG5OEtUFokVkroJaLWFXL1mUp7tgn9+UNd0/53wFN2DTZKw9oTAkKn8xrbbOSa
|
||||
xQqYFhsmqsnKlBJMEMaoK9JgGZZ6xOGo3JZ6yrFfYxiZ9xFaR843rOUe0UVrxh+L
|
||||
+2DmALTyLWSkeqlcg66oKqYKMQuvUyd6VpPL0yHpB0AqBTjKjUmG9RgG8AT5MpqW
|
||||
P3weyD0n7rOCBfagofx8MIy15REwjcQSUptarWrMwhJPua95RJ/IAVIIThGrMzZ5
|
||||
PxyWDFU7B/56FRlmX5+6mfi/NC60yIyR6lg0trBtuiiEfNV+HWz6QXOIUMYQvvo9
|
||||
w8fXSy6MJ12jTFqm0+CXbx2wWEVxAZS/wtLDsa3nf2oGkO3upzFl0/fvsR1dZ/hl
|
||||
plo/3SMPpFFbfvIhy2V/
|
||||
=2w70
|
||||
-----END PGP SIGNATURE-----
|
26
share/security/patches/EN-15:14/ixgbe.patch
Normal file
26
share/security/patches/EN-15:14/ixgbe.patch
Normal file
|
@ -0,0 +1,26 @@
|
|||
Index: sys/conf/files
|
||||
===================================================================
|
||||
--- sys/conf/files (revision 286787)
|
||||
+++ sys/conf/files (working copy)
|
||||
@@ -1704,7 +1704,7 @@ dev/ixgb/if_ixgb.c optional ixgb
|
||||
dev/ixgb/ixgb_ee.c optional ixgb
|
||||
dev/ixgb/ixgb_hw.c optional ixgb
|
||||
dev/ixgbe/ixgbe.c optional ixgbe inet \
|
||||
- compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP -DIXGBE_FDIR"
|
||||
+ compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP"
|
||||
dev/ixgbe/ixv.c optional ixgbe inet \
|
||||
compile-with "${NORMAL_C} -I$S/dev/ixgbe"
|
||||
dev/ixgbe/ixgbe_phy.c optional ixgbe inet \
|
||||
Index: sys/modules/ixgbe/Makefile
|
||||
===================================================================
|
||||
--- sys/modules/ixgbe/Makefile (revision 286787)
|
||||
+++ sys/modules/ixgbe/Makefile (working copy)
|
||||
@@ -12,7 +12,7 @@ SRCS += ixgbe.c ixv.c
|
||||
SRCS += ixgbe_common.c ixgbe_api.c ixgbe_phy.c ixgbe_mbx.c ixgbe_vf.c
|
||||
SRCS += ixgbe_dcb.c ixgbe_dcb_82598.c ixgbe_dcb_82599.c
|
||||
SRCS += ixgbe_82599.c ixgbe_82598.c ixgbe_x540.c
|
||||
-CFLAGS+= -I${.CURDIR}/../../dev/ixgbe -DSMP -DIXGBE_FDIR
|
||||
+CFLAGS+= -I${.CURDIR}/../../dev/ixgbe -DSMP
|
||||
|
||||
.if !defined(KERNBUILDDIR)
|
||||
.if ${MK_INET_SUPPORT} != "no"
|
17
share/security/patches/EN-15:14/ixgbe.patch.asc
Normal file
17
share/security/patches/EN-15:14/ixgbe.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.7 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJV3NfSAAoJEO1n7NZdz2rnwaoP/2b/ter6TOaSERlf0QxN8e9X
|
||||
c+aSr9LLLVQG4MtzuYS6mFHp1uDgA4dwFVlSZjXp9ZJBtSt5HWZDzDKO1eaFz9YR
|
||||
cY2zCC8Mo3H+KlXrDSBYaT9JCA7fEPTFQKvfDGushRDF6h6AoVoOl7W4IWOhZ+Nk
|
||||
SbbvMOBAyVHrevyT8gLBv2+nPeEtv4vvYg5Rq/HqCUW0IkxCFuhvMj30kQBrQYM1
|
||||
lOyXOGOC+SqPgeqN6+j9HPI3Fx7xDzPF/I1zThPI+Nvgn9BZRhTT1+Ev+g5MxGNy
|
||||
Z3mv4aW2tSJQksDsYa2X0wDl8/yvFhliQwLVmkDp27sf5dVsRqrJZwMwY4r6I8Ej
|
||||
JHFoJxyiCqQzfq5dWuBgVuyk1NYPF5GdZLEp7gP1i6Swbn+1kjYBh0HPkJK9VMcZ
|
||||
uYlHzEoUoQAbTfxs5N/Am82lT6ljvNvdbU9960Hilb8ObkJNop7vxWc9oNFhud20
|
||||
ECJF68Hw6CjjDFywEeY2c479Xs0Shf7sDXBId+RGNvjFXWWRGBV1YXk0w+gsUuUd
|
||||
r1P8D7ixy/ZQOPauw61+SC2DS3icMuwmSQamD1pOxmSvK0x+lLNRDK52X93TTA24
|
||||
4yvOvh7ePktvZLWWO0y375ZsEWfVnZRpf39rjaEpz/0jwREULkmz1HjipozDRhJn
|
||||
4No3c9hi9rwcH/oU0/xd
|
||||
=txUl
|
||||
-----END PGP SIGNATURE-----
|
34
share/security/patches/EN-15:15/pkg.patch
Normal file
34
share/security/patches/EN-15:15/pkg.patch
Normal file
|
@ -0,0 +1,34 @@
|
|||
Index: usr.sbin/pkg/pkg.c
|
||||
===================================================================
|
||||
--- usr.sbin/pkg/pkg.c (revision 286787)
|
||||
+++ usr.sbin/pkg/pkg.c (working copy)
|
||||
@@ -749,7 +749,13 @@ bootstrap_pkg(bool force)
|
||||
goto fetchfail;
|
||||
|
||||
if (signature_type != NULL &&
|
||||
- strcasecmp(signature_type, "FINGERPRINTS") == 0) {
|
||||
+ strcasecmp(signature_type, "NONE") != 0) {
|
||||
+ if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
|
||||
+ warnx("Signature type %s is not supported for "
|
||||
+ "bootstrapping.", signature_type);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
|
||||
getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
|
||||
snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
|
||||
@@ -834,7 +840,13 @@ bootstrap_pkg_local(const char *pkgpath, bool forc
|
||||
return (-1);
|
||||
}
|
||||
if (signature_type != NULL &&
|
||||
- strcasecmp(signature_type, "FINGERPRINTS") == 0) {
|
||||
+ strcasecmp(signature_type, "NONE") != 0) {
|
||||
+ if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
|
||||
+ warnx("Signature type %s is not supported for "
|
||||
+ "bootstrapping.", signature_type);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
snprintf(path, sizeof(path), "%s.sig", pkgpath);
|
||||
|
||||
if ((fd_sig = open(path, O_RDONLY)) == -1) {
|
17
share/security/patches/EN-15:15/pkg.patch.asc
Normal file
17
share/security/patches/EN-15:15/pkg.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.7 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJV3NfSAAoJEO1n7NZdz2rnghsP/3LVlVtT+vCVLMrVcy2gZ2q8
|
||||
y9BICtPx2M2PRR9JOPBjD+DrcOZV9QrCX5FLvPmBDvFSMgGp+1EvZP9r/DFOngJ4
|
||||
B1+enlcBl48FoK6UmWhvScvDywH7wRoBFIh9HeSP+z6HXhYhDXpyS9XGiBXcTYFA
|
||||
QEAJOa+gdiA1trhgYZZpI3EQ/SzB/D2MiBZPGqtCgmL50lWRJS6Q79EYi11sPSoF
|
||||
Lovjipxp3FYrlFODsB1iBFReXC8E1k8s+peXJFZfFAM+HUh2YAXFhYnJ1Bleq8Jb
|
||||
zNox48EF7d4dXgFZVBAqgxpmuvVVpCsVWrZikLLcCzspIoKF1+F8+ZNyCDvfhSOm
|
||||
tWFH1NjE14U4NvF1ratwfSFSOogVyUrYSr0s2n3EWhmp2V5I4Q8Zz43GPVk6z/Qm
|
||||
LXInkYPVE6mI1l08MhW2EMJTNmp2euXgzorb/JVO01Zj5XGobB9C4XA5+3/AWu0P
|
||||
xKRfYp52z4rwX8w3RnzTM5L7l1uLm9LPlSis3rsZJvgpE2UHLpgahAgNMlGzYzQT
|
||||
M0cj0h/E2xfvrUYkrW9l35NOsZZ5Q0Ox4ft59ua3QZm8RxUKcWdaAf2fy0t1F53u
|
||||
YdA1bMVWFInVYYGwS/qrNj9yjoJcAa8E2v06McWyCZ8J2Tx3Gj50oWcebmiJtLxO
|
||||
RA9lcL+X6yPGHCROPmng
|
||||
=6SMS
|
||||
-----END PGP SIGNATURE-----
|
53
share/security/patches/SA-15:21/amd64.patch
Normal file
53
share/security/patches/SA-15:21/amd64.patch
Normal file
|
@ -0,0 +1,53 @@
|
|||
Index: sys/amd64/amd64/exception.S
|
||||
===================================================================
|
||||
--- sys/amd64/amd64/exception.S (revision 286969)
|
||||
+++ sys/amd64/amd64/exception.S (working copy)
|
||||
@@ -154,9 +154,13 @@ IDTVEC(xmm)
|
||||
IDTVEC(tss)
|
||||
TRAP_ERR(T_TSSFLT)
|
||||
IDTVEC(missing)
|
||||
- TRAP_ERR(T_SEGNPFLT)
|
||||
+ subq $TF_ERR,%rsp
|
||||
+ movl $T_SEGNPFLT,TF_TRAPNO(%rsp)
|
||||
+ jmp prot_addrf
|
||||
IDTVEC(stk)
|
||||
- TRAP_ERR(T_STKFLT)
|
||||
+ subq $TF_ERR,%rsp
|
||||
+ movl $T_STKFLT,TF_TRAPNO(%rsp)
|
||||
+ jmp prot_addrf
|
||||
IDTVEC(align)
|
||||
TRAP_ERR(T_ALIGNFLT)
|
||||
|
||||
@@ -319,6 +323,7 @@ IDTVEC(page)
|
||||
IDTVEC(prot)
|
||||
subq $TF_ERR,%rsp
|
||||
movl $T_PROTFLT,TF_TRAPNO(%rsp)
|
||||
+prot_addrf:
|
||||
movq $0,TF_ADDR(%rsp)
|
||||
movq %rdi,TF_RDI(%rsp) /* free up a GP register */
|
||||
leaq doreti_iret(%rip),%rdi
|
||||
Index: sys/amd64/amd64/machdep.c
|
||||
===================================================================
|
||||
--- sys/amd64/amd64/machdep.c (revision 286969)
|
||||
+++ sys/amd64/amd64/machdep.c (working copy)
|
||||
@@ -428,6 +428,7 @@ sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *
|
||||
regs->tf_rflags &= ~(PSL_T | PSL_D);
|
||||
regs->tf_cs = _ucodesel;
|
||||
regs->tf_ds = _udatasel;
|
||||
+ regs->tf_ss = _udatasel;
|
||||
regs->tf_es = _udatasel;
|
||||
regs->tf_fs = _ufssel;
|
||||
regs->tf_gs = _ugssel;
|
||||
Index: sys/amd64/amd64/trap.c
|
||||
===================================================================
|
||||
--- sys/amd64/amd64/trap.c (revision 286969)
|
||||
+++ sys/amd64/amd64/trap.c (working copy)
|
||||
@@ -473,8 +473,6 @@ trap(struct trapframe *frame)
|
||||
goto out;
|
||||
|
||||
case T_STKFLT: /* stack fault */
|
||||
- break;
|
||||
-
|
||||
case T_PROTFLT: /* general protection fault */
|
||||
case T_SEGNPFLT: /* segment not present fault */
|
||||
if (td->td_intr_nesting_level != 0)
|
17
share/security/patches/SA-15:21/amd64.patch.asc
Normal file
17
share/security/patches/SA-15:21/amd64.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.7 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJV3Ne1AAoJEO1n7NZdz2rnwuYP/i6fWwcpTVRtC9Fi9IDv6crB
|
||||
gTpiDC5oNLxBBk3INWkt03oBL5WenM48/fiIZ4/qICWZEaEGMWALsLhIjC1uE6z1
|
||||
6cZHUA4zUr9Fnx7YhwGMXeLugTPbjHDTKheKdiebjZ3xU8LNp7h4TcanPBSB4rM1
|
||||
6qhJLki9EIfHqLTJa0MXR7T0xOBUvd9337NgN99kYpE9R22h+Fl4UXLpJfkS5/zn
|
||||
i9RsqFCTK4iD5f0BCGvPVK+m2mDAIuedgoYNQxAdeiZ8SjeObDeXX27Po0pcK2V7
|
||||
mK7gaYrwFiHlVjgxenR+TKYoWGKl3OV6x9lmy2V11xuCIIXHU8umlNG2zBlEK8Da
|
||||
b7Dk+9Wmsoz5LspQORYWMHjLs6H0Q18udhztzlzlJHE1XZ9O3idV5dBxh3WrYzU4
|
||||
Yh3iWRTJiCp34dR98xSePhOq6FHw/jJcRH8M6MXus47Ssf32CvToLBFbfio6T2U5
|
||||
lQ6yLWIBrnl5WyGBtwNSGEzEWMgfvjU7PL2LEt5xnLR8F7+nQvysAXlt9MfTAexT
|
||||
+Jrn44Sc5dy/mK5d7Tmxpo1VQ9rqI1Msn+5TW0p4/aG7/XnQruwzN8QVwAOajgQt
|
||||
cxZ0RmvV+8iLCAmvRuJszYqbo+VkRC2PtTWHmNjCwddYAawC+Rg9m2an/pJQaH/d
|
||||
0YB0zGqhLzGJV9L2+uem
|
||||
=7Eoy
|
||||
-----END PGP SIGNATURE-----
|
68
share/security/patches/SA-15:22/openssh.patch
Normal file
68
share/security/patches/SA-15:22/openssh.patch
Normal file
|
@ -0,0 +1,68 @@
|
|||
Index: crypto/openssh/monitor.c
|
||||
===================================================================
|
||||
--- crypto/openssh/monitor.c (revision 286787)
|
||||
+++ crypto/openssh/monitor.c (working copy)
|
||||
@@ -1027,9 +1027,7 @@ extern KbdintDevice sshpam_device;
|
||||
int
|
||||
mm_answer_pam_init_ctx(int sock, Buffer *m)
|
||||
{
|
||||
-
|
||||
debug3("%s", __func__);
|
||||
- authctxt->user = buffer_get_string(m, NULL);
|
||||
sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
|
||||
sshpam_authok = NULL;
|
||||
buffer_clear(m);
|
||||
@@ -1111,14 +1109,16 @@ mm_answer_pam_respond(int sock, Buffer *m)
|
||||
int
|
||||
mm_answer_pam_free_ctx(int sock, Buffer *m)
|
||||
{
|
||||
+ int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
|
||||
|
||||
debug3("%s", __func__);
|
||||
(sshpam_device.free_ctx)(sshpam_ctxt);
|
||||
+ sshpam_ctxt = sshpam_authok = NULL;
|
||||
buffer_clear(m);
|
||||
mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
|
||||
auth_method = "keyboard-interactive";
|
||||
auth_submethod = "pam";
|
||||
- return (sshpam_authok == sshpam_ctxt);
|
||||
+ return r;
|
||||
}
|
||||
#endif
|
||||
|
||||
Index: crypto/openssh/monitor_wrap.c
|
||||
===================================================================
|
||||
--- crypto/openssh/monitor_wrap.c (revision 286787)
|
||||
+++ crypto/openssh/monitor_wrap.c (working copy)
|
||||
@@ -820,7 +820,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
|
||||
|
||||
debug3("%s", __func__);
|
||||
buffer_init(&m);
|
||||
- buffer_put_cstring(&m, authctxt->user);
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
|
||||
debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
|
||||
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
|
||||
Index: crypto/openssh/mux.c
|
||||
===================================================================
|
||||
--- crypto/openssh/mux.c (revision 286787)
|
||||
+++ crypto/openssh/mux.c (working copy)
|
||||
@@ -635,7 +635,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer
|
||||
u_int lport, cport;
|
||||
int i, ret = 0, freefwd = 1;
|
||||
|
||||
- fwd.listen_host = fwd.connect_host = NULL;
|
||||
+ memset(&fwd, 0, sizeof(fwd));
|
||||
+
|
||||
if (buffer_get_int_ret(&ftype, m) != 0 ||
|
||||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
buffer_get_int_ret(&lport, m) != 0 ||
|
||||
@@ -785,7 +786,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffe
|
||||
int i, listen_port, ret = 0;
|
||||
u_int lport, cport;
|
||||
|
||||
- fwd.listen_host = fwd.connect_host = NULL;
|
||||
+ memset(&fwd, 0, sizeof(fwd));
|
||||
+
|
||||
if (buffer_get_int_ret(&ftype, m) != 0 ||
|
||||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
buffer_get_int_ret(&lport, m) != 0 ||
|
17
share/security/patches/SA-15:22/openssh.patch.asc
Normal file
17
share/security/patches/SA-15:22/openssh.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.7 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJV3Ne1AAoJEO1n7NZdz2rnaD4P/27Y0Bd6TwsCXR33YG8bmmpO
|
||||
ASZxD1GyWFqZyTIrPw+gBN2SkfxROnjMSq5/RfbAgbTthQYEQ+vu7aX4rbpuGQ3E
|
||||
5nK1IJlCS9abr84QWOxFXuDtBrLuYhb4WRmMNpGANfmA+ZtKap7fNkdLsU5XYnGf
|
||||
wftLAWPtUF1GxPPFcc9NZdXyOePg4UcfTFqfPkHmdeEPSLlOhkCHv4ZtuWPg4VMB
|
||||
++uEZCAS+U1Ky4NIKaGmE9lO5x9LWzQnXzluLXHPAAnMxi4uTLs4DFocGgLR9Xvv
|
||||
NftlvAzJuQWzIAr5Tp/5YB24nqJB+qAMNwwmSMvsL2MFDI4Zepqq3o0Ss4xAPOjU
|
||||
taBDNow1+S/tLPH2jtF3hu/DP2H8HkSm5UqNWrHP8vS4UXqlXIofjaA5mTddtGLK
|
||||
FXc6C+NQ2G7bqgw+g5kiO+XH3gYBMxJtuRyBCIekeBAtIISoevz/V+ejFdTE0EFP
|
||||
MuvC4HWhSttdTJkdC74+WdcNWqpQ14iHwdrlY8Gazv9wQz/iwonZO7pzE+lea+j3
|
||||
f+e/2dyQLXxEIxrfGRRZljuekbvLnEn+DUSV9mExpNP60ZvRBKyVOBDcnteP3VhY
|
||||
4LAMaSFzE7kgPuhaLBfzecEFDd06Eiz7LEd4HesXVqpKBP1fBOevfAxW8Izidg/1
|
||||
/t/RV1/NkgKrKgNBkO97
|
||||
=ZQpd
|
||||
-----END PGP SIGNATURE-----
|
|
@ -10,6 +10,18 @@
|
|||
<month>
|
||||
<name>8</name>
|
||||
|
||||
<day>
|
||||
<name>25</name>
|
||||
|
||||
<advisory>
|
||||
<name>FreeBSD-SA-15:22.openssh</name>
|
||||
</advisory>
|
||||
|
||||
<advisory>
|
||||
<name>FreeBSD-SA-15:21.amd64</name>
|
||||
</advisory>
|
||||
</day>
|
||||
|
||||
<day>
|
||||
<name>18</name>
|
||||
|
||||
|
|
|
@ -10,6 +10,18 @@
|
|||
<month>
|
||||
<name>8</name>
|
||||
|
||||
<day>
|
||||
<name>25</name>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-15:15.pkg</name>
|
||||
</notice>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-15:14.ixgbe</name>
|
||||
</notice>
|
||||
</day>
|
||||
|
||||
<day>
|
||||
<name>18</name>
|
||||
|
||||
|
|
Loading…
Reference in a new issue