os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add SA-20:27 to SA-20:30.

Browse source 
Approved by:	so
This commit is contained in:
Gordon Tetlow 2020-09-15 22:00:07 +00:00
parent 6b7473e71a
commit a83b2ae035
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=54498
15 changed files with 921 additions and 0 deletions

149
share/security/advisories/FreeBSD-SA-20:27.ure.asc Normal file
View file

@ -0,0 +1,149 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-20:27.ure Security Advisory
The FreeBSD Project
Topic: ure device driver susceptible to packet-in-packet attack
Category: core
Module: ure
Announced: 2020-09-15
Credits: John-Mark Gurney
Affects: All supported versions of FreeBSD.
Corrected: 2020-09-14 19:39:43 UTC (stable/12, 12.2-STABLE)
2020-09-15 21:42:05 UTC (releng/12.2, 12.2-BETA1-p1)
2020-09-15 21:42:05 UTC (releng/12.1, 12.1-RELEASE-p10)
2020-09-15 00:22:30 UTC (stable/11, 11.4-STABLE)
2020-09-15 21:42:05 UTC (releng/11.4, 11.4-RELEASE-p4)
2020-09-15 21:42:05 UTC (releng/11.3, 11.3-RELEASE-p14)
CVE Name: CVE-2020-7464
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The ure(4) driver provides support for USB Ethernet adapters based on the
Realtek RTL8152 and RTL8153 USB Ethernet controllers.
II. Problem Description
A programming error in the ure(4) device driver caused some Realtek USB
Ethernet interfaces to incorrectly report packets with more than 2048 bytes
in a single USB transfer as having a length of only 2048 bytes.
An adversary can exploit this to cause the driver to misinterpret part of the
payload of a large packet as a separate packet, and thereby inject packets
across security boundaries such as VLANs.
III. Impact
An attacker that can send large frames (larger than 2048 bytes in size) to be
received by the host (be it VLAN, or non-VLAN tagged packet), can inject
arbitrary packets to be received and processed by the host. This includes
spoofing packets from other hosts, or injecting packets to other VLANs than
the host is on.
IV. Workaround
No workaround is available. However, an attacker needs to be able to inject
large frames. If a switch can prevent large frames (>2048 bytes) from being
received, or connecting the machine to a switch that does not forward large
frames will mitigate this attack.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date,
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.1, FreeBSD 12.2]
# fetch https://security.FreeBSD.org/patches/SA-20:27/ure.12.patch
# fetch https://security.FreeBSD.org/patches/SA-20:27/ure.12.patch.asc
# gpg --verify ure.12.patch.asc
[FreeBSD 11.3, FreeBSD 11.4]
# fetch https://security.FreeBSD.org/patches/SA-20:27/ure.11.patch
# fetch https://security.FreeBSD.org/patches/SA-20:27/ure.11.patch.asc
# gpg --verify ure.11.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r365730
releng/12.2/ r365778
releng/12.1/ r365778
stable/11/ r365738
releng/11.4/ r365778
releng/11.3/ r365778
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7464>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:27.ure.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9hOIxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJY9A//Z+Rt20iUnM79er+CYF4EQNrzR8dOKr2/6L5ho5L1kJt0MdZtamN+f5Bq
Jpzem060oAv+0mgAiK3VR7unlkEk+wFNvMwhgItvI8l2TME3+n/A0nsYQkP9QPPp
SwHmKcIAbwkdtv913zy7AGc/vE+2+D8x84WHp6WDhRmDVgU5QAPGgP4yv0qhgkpy
L8ndLDte3tXMk0eWArxWTpMfxqKGmp9Cgy88QRoIpguazS+ocSVt6h3emxQPtTc/
7SQOEqjg4IiEXW/t2SSDqB1cvNPmN82yJt4mQg1m8v/SjFjFQ2qgFC+47cYezI1F
nLuoDw16kYUu65DyePiXfCsBwSjkLU1IgpBSgmmxjMzwoVgE7/9AtRqiCwe2xkEF
E6c1VWAQAw2AiZmsISv8T9RNLegLnNjyhO9iSsaeuOfLbTIeQ9zbcUL6xgZB6AxO
tk/fkt+NHwuRoXNx2SC959r+hwhdnrpgxTEphjCFuuMdMGKsxm3TQGdwD6ZvQ1r2
HkVV1m4ukgpxw8ONa88Lgo+2f1HZhZKWLzp3EsTA3LMpgk+5uJjIuL/ctuddscWY
Do9VapPTIGxjZqABGtxJL7NrzCz2pXE0CHzAjFWD830kujgcdihe6FbJx0cJe3m8
+CxaGBXvSINHyPwgDArnKR3Hrd57/T6RSUWqsksB7fBCpmFdQaI=
=S9sW
-----END PGP SIGNATURE-----

137
share/security/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc Normal file
View file

@ -0,0 +1,137 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-20:28.bhyve_vmcs Security Advisory
The FreeBSD Project
Topic: bhyve privilege escalation via VMCS access
Category: core
Module: bhyve
Announced: 2020-09-15
Credits: Patrick Mooney
Affects: All supported versions of FreeBSD.
Corrected: 2020-09-15 21:28:47 UTC (stable/12, 12.2-STABLE)
2020-09-15 21:43:41 UTC (releng/12.2, 12.2-BETA1-p1)
2020-09-15 21:43:41 UTC (releng/12.1, 12.1-RELEASE-p10)
2020-09-15 21:28:47 UTC (stable/11, 11.4-STABLE)
2020-09-15 21:43:41 UTC (releng/11.4, 11.4-RELEASE-p4)
2020-09-15 21:43:41 UTC (releng/11.3, 11.3-RELEASE-p14)
CVE Name: CVE-2020-24718
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
bhyve(8) is a hypervisor that supports running a variety of guest operating
systems in virtual machines on AMD and Intel CPUs.
II. Problem Description
AMD and Intel CPUs support hardware virtualization using specialized data
structures that control various aspects of guest operation. These are the
Virtual Machine Control Structure (VMCS) on Intel CPUs, and the Virtual
Machine Control Block (VMCB) on AMD CPUs. Insufficient access controls allow
root users, including those running in a jail, to change these data
structures.
III. Impact
An attacker with host root access (including to a jailed bhyve instance) can
use this vulnerability to achieve kernel code execution.
IV. Workaround
No workaround is available. This issue is likely of concern only to systems
relying on running bhyve in jail(8) for security domain separation.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date,
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-20:28/bhyve_vmcs.patch
# fetch https://security.FreeBSD.org/patches/SA-20:28/bhyve_vmcs.patch.asc
# gpg --verify bhyve_vmcs.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r365777
releng/12.2/ r365779
releng/12.1/ r365779
stable/11/ r365777
releng/11.4/ r365779
releng/11.3/ r365779
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24718>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9hOJdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKJBQ//UOwIgcc2n+Yr0MrNIs2XzLjmKBsuVfIrFni0GGJFFSAUd7Kzw7oeY4ng
e9JURtfV6NlU63QkaRw+QqgvnXm5vLbgO+oWuedsj33eNgUNdUinZinieZuFAyAt
BBgfMJ3D9X7HffIw1iKN/DWaealFJ1SHtKYzVssTBx/7ju+SFj5HkwLh/7QzKBYO
CoeNE7RN2kSDmvvEKMdN17QyM4+H3wYpsnylWHa89slIe1xj0eVqgnGw2NrjjKlV
N2DAQM+MvdJ+W8oA0idEvBZj55uHV9OlgIwJCDi0/u5yHPJkhuYYuHsf0oyW+NT6
gWvzwTI27IAAyYKK57pGVP7x4sy8VhsDItzqubhDqa/zjNZM9SYOtLYiOnDjev2B
nqC2mV08XpC9lfwd3EDPGv+FYbTTe9OzirlJBnbMnwhj/p0sPMYCtuWKp/MyQyyD
1yhUJJlZgI6HdrTOOeqhObNDtEz75MI1bpLVmjq9VMLz1PtzdNFDcNmyvtTOpMut
vZDFgCqtkpcukqxfqV1EJAWr0UWnaUyPc0klbmLwrQCpTWDOBT7QK+S5ZtNLQqu4
c6UJ7CQLNPn9nEjf16D8dZ1Iy3AJyPmtv7ehEkKFjJtNIwitCx/AIzKiXXzzxe56
boJoQL0pmgJkv3tjP5dEMeSx5SA4mrhtKCL+ri3/ZFXHxtcDNsQ=
=Jluz
-----END PGP SIGNATURE-----

136
share/security/advisories/FreeBSD-SA-20:29.bhyve_svm.asc Normal file
View file

@ -0,0 +1,136 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-20:29.bhyve_svm Security Advisory
The FreeBSD Project
Topic: bhyve SVM guest escape
Category: core
Module: bhyve
Announced: 2020-09-15
Credits: Maxime Villard
Affects: All supported versions of FreeBSD.
Corrected: 2020-09-15 20:25:30 UTC (stable/12, 12.2-STABLE)
2020-09-15 21:46:39 UTC (releng/12.2, 12.2-BETA1-p1)
2020-09-15 21:46:39 UTC (releng/12.1, 12.1-RELEASE-p10)
2020-09-15 20:26:31 UTC (stable/11, 11.4-STABLE)
2020-09-15 21:46:39 UTC (releng/11.4, 11.4-RELEASE-p4)
2020-09-15 21:46:39 UTC (releng/11.3, 11.3-RELEASE-p14)
CVE Name: CVE-2020-7467
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
bhyve(8) is a hypervisor that supports running a variety of guest operating
systems in virtual machines on AMD and Intel CPUs. AMD and Intel provide
broadly similar virtualization interfaces, but each provides its own specific
instructions for manipulating virtual machine state.
II. Problem Description
A number of AMD virtualization instructions operate on host physical
addresses, are not subject to nested page table translation, and guest use of
these instructions was not trapped.
III. Impact
- From kernel mode a malicious guest can write to arbitrary host memory (with
some constraints), affording the guest full control of the host.
IV. Workaround
No workaround is available. Systems not using bhyve, and systems that
use bhyve with an Intel CPU, are not vulnerable.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date,
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-20:29/bhyve_svm.patch
# fetch https://security.FreeBSD.org/patches/SA-20:29/bhyve_svm.patch.asc
# gpg --verify bhyve_svm.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r365767
releng/12.2/ r365780
releng/12.1/ r365780
stable/11/ r365769
releng/11.4/ r365780
releng/11.3/ r365780
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7467>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:29.bhyve_svm.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9hOJhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJxjxAAjy783UUnVvhtiJt4p5TGMpaU+ZrLnKaOASiTDdbp6z3IFuLZ1VbkekAM
aMGgZNmYkRotcTM0mbhoeRROSrYlmO2ZHNmJyxchbOaIfKXL3iTFYP5gRirN1r+Q
i8+Gr5HzTL5SkvTEx0wKUp6uRqD26nf7i4KrdOWmf5ivhB66Z2vk/56aX53eSNJ5
iPZYvlFnVIcy1wKPE1RIP67H+nqqWBApavWUMK6f01cAMr5w0BE+f4RdSvzEFnuG
p2Id8A3ptt0VoIdZzbJkLKog4/dlC1C+PVPPLND2gcCY2c/+gG0nNTy9Fjdvsoor
AnmRvlarCCcEVOSxGk+WNUwWdQnQPFykpZxGtid53km3Yjw1smPmfOVwvNhTkzoP
tPZ568wFyaBGLI+39hC0u0AtLT93MBHpxpCMpQZ9rlFauxn5OuyBFkxgCuEyq728
GcrMVggyrzOetW7GqdlOEzFDj3nxHme+08qmbLXjv5X8N1RK+TGZDAjYFqLU1NXi
cyPhbGqV4SuYw3dW7E0C8eOocuVmpXTEW82R9ff1pobUZUNVGKZse1rjT344VTSc
DazL/q2TIo5fyDWEaNWsPad8mdyQGWft2cfYHYrO+Y6Smn/oKS3LmX61bGC37FEF
b0rqunbDdq4775q6H6KKbRgVTKGiVyC/Nt/2xkg//GymzNnuFvY=
=lplz
-----END PGP SIGNATURE-----

140
share/security/advisories/FreeBSD-SA-20:30.ftpd.asc Normal file
View file

@ -0,0 +1,140 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-20:30.ftpd Security Advisory
The FreeBSD Project
Topic: ftpd privilege escalation via ftpchroot feature
Category: core
Module: ftpd
Announced: 2020-09-15
Credits: Anonymous working with Trend Micro Zero Day Initiative
Affects: All supported versions of FreeBSD.
Corrected: 2020-09-15 20:55:13 UTC (stable/12, 12.2-STABLE)
2020-09-15 21:47:44 UTC (releng/12.2, 12.2-BETA1-p1)
2020-09-15 21:47:44 UTC (releng/12.1, 12.1-RELEASE-p10)
2020-09-15 20:56:14 UTC (stable/11, 11.4-STABLE)
2020-09-15 21:47:44 UTC (releng/11.4, 11.4-RELEASE-p4)
2020-09-15 21:47:44 UTC (releng/11.3, 11.3-RELEASE-p14)
CVE Name: CVE-2020-7468
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
ftpd(8) is a daemon that implements an FTP server. To restrict
filesystem access of authenticated clients, ftpd(8) supports the
ftpchroot(5) feature, which allows the system administrator to designate
a root directory for each FTP user. This is implemented using the
chroot(2) system call.
II. Problem Description
A ftpd(8) bug in the implementation of the file system sandbox, combined
with capabilities available to an authenticated FTP user, can be used to
escape the file system restriction configured in ftpchroot(5).
Moreover, the bug allows a malicious client to gain root privileges.
III. Impact
A malicious FTP user can gain privileged access to an affected system.
IV. Workaround
No workaround is available. Systems not running ftpd(8) or not making
use of ftpchroot(5) are not affected. Exploitation of the bug requires
that a malicious FTP client have login access to the server. Anonymous
access is not sufficient.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart the applicable daemons, or reboot the system.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-20:30/ftpd.patch
# fetch https://security.FreeBSD.org/patches/SA-20:30/ftpd.patch.asc
# gpg --verify ftpd.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r365772
releng/12.2/ r365781
releng/12.1/ r365781
stable/11/ r365773
releng/11.4/ r365781
releng/11.3/ r365781
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7468>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:30.ftpd.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9hOJhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJCRA//Zuuqyaim3BnR0Qs9mSI3fm37AQN9NyV0GzaP6ayAeCu7xuyzMzFD58jU
SZAkrH16buh34dfelwofPSO8ZIAHZ0X6PpVWHwrTkrT8ADHCuJwEe0imG5MDDJn4
mMJSA9OVyQXgHXApnOhJ4hHMUfGF0QJvsOvPQ4f8J3J9K9pTa78HgekaNWkgpTzo
eAGV+lug/UwsK//FrcyYaifZF1xl0ZKSAl6RVFVaqxxVXZGZ2txlew4I03NEfqjJ
PAmviQ1p0BO5tMqVSG+/VkuYFJNyUGvuSrvUeIoQnoWljvKx5VnAq5KVCD6La1nn
o5JzNEvlqzOC1ClribxALyv/VJHJt6PDBF4S26ATwIdr8TCzSpe2Byjj9KN/qC94
JuT6hScERpT4ARIsJiDIDe0+9zBeglJuS/3sJozI+ani+VL/7uBL6MB50twgioFG
4+5MNgc4VYgX35U0z+fStncZAScByXWdxaMDYx9brfZeaeEhiZA6wXYCf8kpaW94
zDOvBCH+GR1O2nALdlMVFrThQdTkq1AtMQ58Uuaxpu1LBGrMVfz/VCDEurWog+U1
7uxRwx9o6lJvno3oPQTfHkcuHZosOE0KdfdJ1Tcmj1pVZVjeaxu7HEW2H73YRhBN
Fc4XIxaO7URyYwtzxzH9yU18wKCp+g/mm5apgbbcz1kBS+fR3Go=
=zvW4
-----END PGP SIGNATURE-----

13
share/security/patches/SA-20:27/ure.11.patch Normal file
View file

@ -0,0 +1,13 @@
--- sys/dev/usb/net/if_ure.c.orig
+++ sys/dev/usb/net/if_ure.c
@@ -710,7 +710,9 @@
~URE_RXDY_GATED_EN);
/* Set Rx mode. */
- rxmode = URE_RCR_APM;
+ rxmode = ure_read_4(sc, URE_PLA_RCR, URE_MCU_TYPE_PLA);
+ rxmode &= ~URE_RCR_ACPT_ALL;
+ rxmode |= URE_RCR_APM;
/* If we want promiscuous mode, set the allframes bit. */
if (ifp->if_flags & IFF_PROMISC)

18
share/security/patches/SA-20:27/ure.11.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9hOJdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cIisRAAlVB+hNBKrmr7kjc+cOeeLofnAppEywIJsQoKus4y7P23K2gguL+zJX6p
UTMSysmDXJG1OVEzpLpq7R6mGWD18vOMvKyNgijnGJeeIwjGqACHK68v2tFosW61
g4kRKIuuLMxeqrySn4P8IgKRVV6Em+/LuYkqr5v3BuKFpAzPxNmvmLEVzaoqh+wS
SJgVucuogTxjYwb2pTcIig+rtkE3FHD+x5WxS5DzfCDlp3mqaMSCyoNeF8JMzs7y
EXV57iDRjRC5IDBnr2dB55uHFielJioVmfLjMCMRAHlBX7q4Fu3Hobt8oHaOKtTD
mk2q3efR3MeIIfLTqwu/Xrzz7c+vCucg9ccpyjK561Kt38W8bUBhMUxN2nQXtUyR
ABsWQK8tE7Ie5cJhwF3ajcESEZ8nx0s9NrQYdFE/od+MVlWeXpGNsBoFDUoGILqS
sgpn+2QUoruEVUujUyfMK8H5bG4DrPeoN8Tn9VopA8VR0N7p00lyfKX3g1knGMyh
Bq778Est5lKi++h02YV8c25/T2pVd6rhPqpebggxVKaGoTgsTd7i5ty8/ExqOgUF
Y8CAF3MwAVwn0kdeUkcwexykPnb1VFPDmBFrN2EoJYERRqh+fTp44ifldeYr7dhl
hYHJDvtRY7mlTPekn0oXBJYuY1NJ77nOmxhXVBoVOuWJrjMcl5A=
=NUJu
-----END PGP SIGNATURE-----

16
share/security/patches/SA-20:27/ure.12.patch Normal file
View file

@ -0,0 +1,16 @@
--- sys/dev/usb/net/if_ure.c.orig
+++ sys/dev/usb/net/if_ure.c
@@ -816,9 +816,10 @@
URE_LOCK_ASSERT(sc, MA_OWNED);
- rxmode = URE_RCR_APM;
- if (ifp->if_flags & IFF_BROADCAST)
- rxmode |= URE_RCR_AB;
+ rxmode = ure_read_4(sc, URE_PLA_RCR, URE_MCU_TYPE_PLA);
+ rxmode &= ~(URE_RCR_AAP | URE_RCR_AM);
+ rxmode |= URE_RCR_APM; /* accept physical match packets */
+ rxmode |= URE_RCR_AB; /* always accept broadcasts */
if (ifp->if_flags & (IFF_ALLMULTI | IFF_PROMISC)) {
if (ifp->if_flags & IFF_PROMISC)
rxmode |= URE_RCR_AAP;

18
share/security/patches/SA-20:27/ure.12.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9hOJdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJpVQ//c2z6nk+LDQaFYnDyg9Fkl0GqmVsJ0Ml3Wog1lUU0nOqacAhBmZTwq3Oq
dzQ2jstcf1dqj9Bt/6Q525Odt8Bk5zzzN6qHFL+kJiHDWB0aYCfACucYykVH7uIM
LF5XVX8zzHrCW3kvcAwukRB4XhN5eo4uPGpVcm9css5yIEYL++Bxq5UrrL6LgXd3
kDNMeCXe/RjhnUjwcfjSw+EgUhNlvWmWjV6d2tTxhzqtIfsovTfJuw6tqHsLFhCG
PGUmNi7dH1/OmdzPCrVuxzPy2VaZe8H8s6VXL8orbpw+RWZ6W8E/WOktK2S6HHLb
X0jv3fZ37K3SnydCKlCl5ATPhvhZWhVGSGXVEg4jA7MTU/rjMh1VlH8cPmH66z1x
DxhGH1dO9v/E6v4/YQ6fwMMGnmH0fDRRNs9rodPi6goj70OxvHPAIpbPvm4ZS26c
XvENpnz7rVZyJ8+iehnLQvsarNQ/neJipI7SpIVb1+2g/tHMbq77Mw6wpkB1kKyn
jB9uZZwVn7SlK3XvXZN3jTgTrMhuvTzPJ/0Ek3qYSqWbAPIen+GUC8XJZlO1QLoL
ShkEKWFZBuLmx+/emDG8tiu4WidmeCRHva3gjgOMijyNWETiajMFk7sVbKk974zi
DBquYG/wHWnsOOtSbOTAtIWopZdaxaA7HQVEcGY/6iB8/twlOl8=
=Adwg
-----END PGP SIGNATURE-----

29
share/security/patches/SA-20:28/bhyve_vmcs.patch Normal file
View file

@ -0,0 +1,29 @@
--- sys/amd64/vmm/amd/svm.c.orig
+++ sys/amd64/vmm/amd/svm.c
@@ -2198,8 +2198,11 @@
return (svm_modify_intr_shadow(svm_sc, vcpu, val));
}
- if (vmcb_write(svm_sc, vcpu, ident, val) == 0) {
- return (0);
+ /* Do not permit user write access to VMCB fields by offset. */
+ if (!VMCB_ACCESS_OK(ident)) {
+ if (vmcb_write(svm_sc, vcpu, ident, val) == 0) {
+ return (0);
+ }
}
reg = swctx_regptr(svm_get_guest_regctx(svm_sc, vcpu), ident);
--- sys/amd64/vmm/intel/vmx.c.orig
+++ sys/amd64/vmm/intel/vmx.c
@@ -3341,6 +3341,10 @@
if (vmxctx_setreg(&vmx->ctx[vcpu], reg, val) == 0)
return (0);
+ /* Do not permit user write access to VMCS fields by offset. */
+ if (reg < 0)
+ return (EINVAL);
+
error = vmcs_setreg(&vmx->vmcs[vcpu], running, reg, val);
if (error == 0) {

18
share/security/patches/SA-20:28/bhyve_vmcs.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9hOJhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJOpA//d8gbQS8I5HdY/xWmt4RoQ8yhvE1v3AmOqt7o14CfKCfMSMFqu7lGXcB/
rkpIgKmGGS/j+XMeLAvmHtw4zdM1PdkJ4bk71GLfpT91YF9cC7eKHJreidDiMD9z
48DTlCz0lWg7sGLpas5viXZkX7WRhtHHLBzMAHh6k1Ew4N1A/668cH/ZU1C4w4pm
yXzY+su5yXKgdqhibOPlpvuYhITVkqHnkDyMqlppo/hxfjYNKBii+sDBAieGJBmp
1+sW6iCEXdZK+m9LCfiNPOWLE2dkZEqwOazoFBJDmjyp/EZW4sdGhkEgVsADodym
WOqZi8Ca2qfWm7NumGr20zsVbVe9Qx4dspRGLYcs3POaqa1LOg82lcys/h47t4Vw
0uM2UBRGS5XD1V5bB0BWOLYZc7ZlGljASzzZmhBt7MiBJcuzeTwhDGQO3L2otVG6
SAV1H46onKOU997Br9wH5yFNFgvHf26OjDrE4b9hgSDZsXafSk9mE1rWLLxKRKWT
//ZhN7F/L5JHmRtFMsHa2kKbYiwrxX/T17s9yupn/iOUdu0er+ECqER629PATrxx
5bQxE9geVD7LIEIyYSs7u9H0gP00N656gXIRTr4yQ77O7+AHfJYelHEo6XJNRSdb
Lql9kgsikbH3G2V4HdGBLdxOR/FeCuC5kP9Qoa2L0YVUbfadpUY=
=nYIH
-----END PGP SIGNATURE-----

163
share/security/patches/SA-20:29/bhyve_svm.patch Normal file
View file

@ -0,0 +1,163 @@
--- sys/amd64/vmm/amd/svm.c.orig
+++ sys/amd64/vmm/amd/svm.c
@@ -488,10 +488,23 @@
svm_enable_intercept(sc, vcpu, VMCB_CTRL1_INTCPT, VMCB_INTCPT_SHUTDOWN);
svm_enable_intercept(sc, vcpu, VMCB_CTRL1_INTCPT,
VMCB_INTCPT_FERR_FREEZE);
+ svm_enable_intercept(sc, vcpu, VMCB_CTRL1_INTCPT, VMCB_INTCPT_INVD);
+ svm_enable_intercept(sc, vcpu, VMCB_CTRL1_INTCPT, VMCB_INTCPT_INVLPGA);
svm_enable_intercept(sc, vcpu, VMCB_CTRL2_INTCPT, VMCB_INTCPT_MONITOR);
svm_enable_intercept(sc, vcpu, VMCB_CTRL2_INTCPT, VMCB_INTCPT_MWAIT);
+ /*
+ * Intercept SVM instructions since AMD enables them in guests otherwise.
+ * Non-intercepted VMMCALL causes #UD, skip it.
+ */
+ svm_enable_intercept(sc, vcpu, VMCB_CTRL2_INTCPT, VMCB_INTCPT_VMLOAD);
+ svm_enable_intercept(sc, vcpu, VMCB_CTRL2_INTCPT, VMCB_INTCPT_VMSAVE);
+ svm_enable_intercept(sc, vcpu, VMCB_CTRL2_INTCPT, VMCB_INTCPT_STGI);
+ svm_enable_intercept(sc, vcpu, VMCB_CTRL2_INTCPT, VMCB_INTCPT_CLGI);
+ svm_enable_intercept(sc, vcpu, VMCB_CTRL2_INTCPT, VMCB_INTCPT_SKINIT);
+ svm_enable_intercept(sc, vcpu, VMCB_CTRL2_INTCPT, VMCB_INTCPT_ICEBP);
+
/*
* From section "Canonicalization and Consistency Checks" in APMv2
* the VMRUN intercept bit must be set to pass the consistency check.
@@ -1236,43 +1249,45 @@
static const char *
exit_reason_to_str(uint64_t reason)
{
+ int i;
static char reasonbuf[32];
-
- switch (reason) {
- case VMCB_EXIT_INVALID:
- return ("invalvmcb");
- case VMCB_EXIT_SHUTDOWN:
- return ("shutdown");
- case VMCB_EXIT_NPF:
- return ("nptfault");
- case VMCB_EXIT_PAUSE:
- return ("pause");
- case VMCB_EXIT_HLT:
- return ("hlt");
- case VMCB_EXIT_CPUID:
- return ("cpuid");
- case VMCB_EXIT_IO:
- return ("inout");
- case VMCB_EXIT_MC:
- return ("mchk");
- case VMCB_EXIT_INTR:
- return ("extintr");
- case VMCB_EXIT_NMI:
- return ("nmi");
- case VMCB_EXIT_VINTR:
- return ("vintr");
- case VMCB_EXIT_MSR:
- return ("msr");
- case VMCB_EXIT_IRET:
- return ("iret");
- case VMCB_EXIT_MONITOR:
- return ("monitor");
- case VMCB_EXIT_MWAIT:
- return ("mwait");
- default:
- snprintf(reasonbuf, sizeof(reasonbuf), "%#lx", reason);
- return (reasonbuf);
+ static const struct {
+ int reason;
+ const char *str;
+ } reasons[] = {
+ { .reason = VMCB_EXIT_INVALID, .str = "invalvmcb" },
+ { .reason = VMCB_EXIT_SHUTDOWN, .str = "shutdown" },
+ { .reason = VMCB_EXIT_NPF, .str = "nptfault" },
+ { .reason = VMCB_EXIT_PAUSE, .str = "pause" },
+ { .reason = VMCB_EXIT_HLT, .str = "hlt" },
+ { .reason = VMCB_EXIT_CPUID, .str = "cpuid" },
+ { .reason = VMCB_EXIT_IO, .str = "inout" },
+ { .reason = VMCB_EXIT_MC, .str = "mchk" },
+ { .reason = VMCB_EXIT_INTR, .str = "extintr" },
+ { .reason = VMCB_EXIT_NMI, .str = "nmi" },
+ { .reason = VMCB_EXIT_VINTR, .str = "vintr" },
+ { .reason = VMCB_EXIT_MSR, .str = "msr" },
+ { .reason = VMCB_EXIT_IRET, .str = "iret" },
+ { .reason = VMCB_EXIT_MONITOR, .str = "monitor" },
+ { .reason = VMCB_EXIT_MWAIT, .str = "mwait" },
+ { .reason = VMCB_EXIT_VMRUN, .str = "vmrun" },
+ { .reason = VMCB_EXIT_VMMCALL, .str = "vmmcall" },
+ { .reason = VMCB_EXIT_VMLOAD, .str = "vmload" },
+ { .reason = VMCB_EXIT_VMSAVE, .str = "vmsave" },
+ { .reason = VMCB_EXIT_STGI, .str = "stgi" },
+ { .reason = VMCB_EXIT_CLGI, .str = "clgi" },
+ { .reason = VMCB_EXIT_SKINIT, .str = "skinit" },
+ { .reason = VMCB_EXIT_ICEBP, .str = "icebp" },
+ { .reason = VMCB_EXIT_INVD, .str = "invd" },
+ { .reason = VMCB_EXIT_INVLPGA, .str = "invlpga" },
+ };
+
+ for (i = 0; i < nitems(reasons); i++) {
+ if (reasons[i].reason == reason)
+ return (reasons[i].str);
}
+ snprintf(reasonbuf, sizeof(reasonbuf), "%#lx", reason);
+ return (reasonbuf);
}
#endif /* KTR */
@@ -1524,6 +1539,20 @@
case VMCB_EXIT_MWAIT:
vmexit->exitcode = VM_EXITCODE_MWAIT;
break;
+ case VMCB_EXIT_SHUTDOWN:
+ case VMCB_EXIT_VMRUN:
+ case VMCB_EXIT_VMMCALL:
+ case VMCB_EXIT_VMLOAD:
+ case VMCB_EXIT_VMSAVE:
+ case VMCB_EXIT_STGI:
+ case VMCB_EXIT_CLGI:
+ case VMCB_EXIT_SKINIT:
+ case VMCB_EXIT_ICEBP:
+ case VMCB_EXIT_INVD:
+ case VMCB_EXIT_INVLPGA:
+ vm_inject_ud(svm_sc->vm, vcpu);
+ handled = 1;
+ break;
default:
vmm_stat_incr(svm_sc->vm, vcpu, VMEXIT_UNKNOWN, 1);
break;
--- sys/amd64/vmm/amd/vmcb.h.orig
+++ sys/amd64/vmm/amd/vmcb.h
@@ -71,8 +71,8 @@
#define VMCB_INTCPT_INVD BIT(22)
#define VMCB_INTCPT_PAUSE BIT(23)
#define VMCB_INTCPT_HLT BIT(24)
-#define VMCB_INTCPT_INVPG BIT(25)
-#define VMCB_INTCPT_INVPGA BIT(26)
+#define VMCB_INTCPT_INVLPG BIT(25)
+#define VMCB_INTCPT_INVLPGA BIT(26)
#define VMCB_INTCPT_IO BIT(27)
#define VMCB_INTCPT_MSR BIT(28)
#define VMCB_INTCPT_TASK_SWITCH BIT(29)
@@ -134,12 +134,21 @@
#define VMCB_EXIT_POPF 0x71
#define VMCB_EXIT_CPUID 0x72
#define VMCB_EXIT_IRET 0x74
+#define VMCB_EXIT_INVD 0x76
#define VMCB_EXIT_PAUSE 0x77
#define VMCB_EXIT_HLT 0x78
+#define VMCB_EXIT_INVLPGA 0x7A
#define VMCB_EXIT_IO 0x7B
#define VMCB_EXIT_MSR 0x7C
#define VMCB_EXIT_SHUTDOWN 0x7F
+#define VMCB_EXIT_VMRUN 0x80
+#define VMCB_EXIT_VMMCALL 0x81
+#define VMCB_EXIT_VMLOAD 0x82
#define VMCB_EXIT_VMSAVE 0x83
+#define VMCB_EXIT_STGI 0x84
+#define VMCB_EXIT_CLGI 0x85
+#define VMCB_EXIT_SKINIT 0x86
+#define VMCB_EXIT_ICEBP 0x88
#define VMCB_EXIT_MONITOR 0x8A
#define VMCB_EXIT_MWAIT 0x8B
#define VMCB_EXIT_NPF 0x400

18
share/security/patches/SA-20:29/bhyve_svm.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9hOJhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cI5PhAAgsXuFNy2fRvNjAgJoY41AIwBr/5T+0WM09YykMcTC1EQBm1AjRI9jgAm
V4HUQeH7ygs9TVkn+F02iLHSSCJAneu2nPNIalCxyKwhpXpJiYktrJ5wLVC7Q2DC
63Lc7WrfJ858+9ehXh4bvCTJeOJxOIyvaoOLEPslaGje/YD+plqdNWO036D0w+7j
Fbx2rvCILLKIaxVYLCmhm/6V46dT1HHwXJP1dGuKr1ZSq6MGley3KGl7b5b7xb0E
gfZh09QBH7tfATTHnAv2FvLzSBCDn4aZlFZl0uvK8qbK5ZFyfEPicu4SGHtXrMzK
0tBATwLwf1JwgBvYKLR+kywxceVgbLTY0iAo354/GcjHzXR3JE4hxDD4/2FL+r10
Q8A75AV1/SPf4UOczgapzvqY1zj6M8/ibOPEU+0qaN8YotabGEUr3DLR0d5nWWm1
BQnBifkyb9ux8AfWjtWHYu6zY5r4sHCZQQXUJHOyCUGpG0mX2p+MxZWCuTJGrYOs
PZyZoJw1vH2rpUcgLikDYkDXCpWNCzwUH7p+tmOAC7EnlFCfxzuv4qgzC538XB76
wMkfVM2W1h5BXJQP/G+ELCvXX0REQRO1cMn4rIxmO0EOWpL9SVYUHQ53/MbEOBkf
QBkb0COWyNblj6eKG8Cigv0OP1p8iXNXT3zmG6eXeOHckgt6tPA=
=+DkR
-----END PGP SIGNATURE-----

27
share/security/patches/SA-20:30/ftpd.patch Normal file
View file

@ -0,0 +1,27 @@
--- libexec/ftpd/ftpd.c.orig
+++ libexec/ftpd/ftpd.c
@@ -1596,13 +1596,20 @@
* (uid 0 has no root power over NFS if not mapped explicitly.)
*/
if (seteuid(pw->pw_uid) < 0) {
- reply(550, "Can't set uid.");
- goto bad;
+ if (guest || dochroot) {
+ fatalerror("Can't set uid.");
+ } else {
+ reply(550, "Can't set uid.");
+ goto bad;
+ }
}
+ /*
+ * Do not allow the session to live if we're chroot()'ed and chdir()
+ * fails. Otherwise the chroot jail can be escaped.
+ */
if (chdir(homedir) < 0) {
if (guest || dochroot) {
- reply(550, "Can't change to base directory.");
- goto bad;
+ fatalerror("Can't change to base directory.");
} else {
if (chdir("/") < 0) {
reply(550, "Root is inaccessible.");

18
share/security/patches/SA-20:30/ftpd.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9hOJhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKBCQ//ZA1qgbTQomNYbe+s3EsrdvULsyheLjx/Do9P8FjN84pASt4ILIDCykRf
vGEMeAB5u4ngvHIUuTm2C0DWeLyyzy9kqoRT8l8CiN7TjAkzHc12vI/c9ruO9nbk
f4C7ia01AaRhaktHjz3vgctzGKHAFEKZ9EvjHftW4Qbv4FOLWrCV2ys2icfW2wEI
ZLuDZIrcMbQj60mO62h+HJUcAIZ+ssOPEM1+tLhmCd3qvqaiHYeTgnm5llAZAS6X
hfH44FgZ/YRXXPj0Asx9aI/RQX8sLIVW7frgDdn6/n3xffl7pdvWjhRf5q4Cy2pl
w9hkc1KGUtACaVoz8SlT+FxeKKwdwX1xlX1sb8vrAuyskZmy1Ne05p0xGX5YDrL0
QVGEQjndhgi6k2OXjvukME1C7SotC8guMbZtanhCVIsnyE2HdOlsySXvBY4txAl8
FgbDhrHnGFRdLFAFdwNaxooKkEG6oiF5FcSkfkOCcW43yh6zEJvybC7BVpzJd7Ry
PUZOfytXZAyzB9fqWnku93O4qRakY/do9q3olfk0hRzqoFBpakZ/kMp0dpdWS7Nt
DKdUUtf7MKkt3dxxLSqVNvLkLICnzTjj+E5hRU6Y9XDhvs89/Ut5nDNUJE8crQf2
juy1ajNlmo5/Pp/0wI9fybDen2YEBPzqN1U1Gm9qKKuyb76POzc=
=IcX7
-----END PGP SIGNATURE-----

21
share/xml/advisories.xml
View file

@ -10,6 +10,27 @@
<month>
<name>9</name>
<day>
<name>15</name>
<advisory>
<name>FreeBSD-SA-20:30.ftpd</name>
</advisory>
<advisory>
<name>FreeBSD-SA-20:29.bhyve_svm</name>
</advisory>
<advisory>
<name>FreeBSD-SA-20:28.bhyve_vmcs</name>
</advisory>
<advisory>
<name>FreeBSD-SA-20:27.ure</name>
</advisory>
</day>
<day>
<name>2</name>