Thursday, January 28, 2021
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:01.tzdata
Hash: SHA512
=============================================================================
FreeBSD-EN-21:01.tzdata Errata Notice
The FreeBSD Project
Topic: Timezone database information update
Category: contrib
Module: zoneinfo
Announced: 2021-01-29
Affects: All supported versions of FreeBSD.
Corrected: 2021-01-25 21:56:55 UTC (stable/12, 12.2-STABLE)
2021-01-29 01:20:49 UTC (releng/12.2, 12.2-RELEASE-p3)
2021-01-29 01:05:59 UTC (releng/12.1, 12.1-RELEASE-p13)
2021-01-25 21:57:06 UTC (stable/11, 11.4-STABLE)
2021-01-29 00:19:59 UTC (releng/11.4, 11.4-RELEASE-p7)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The tzsetup(8) program allows the user to specify the default local timezone.
Based on the selected timezone, tzsetup(8) copies one of the files from
/usr/share/zoneinfo to /etc/localtime. This file actually controls the
conversion.
II. Problem Description
Several changes in Daylight Saving Time took effect after previous FreeBSD
releases were made, affecting many people who live in different countries.
Because of these changes, the data in the zoneinfo files needs to be updated,
and if the local timezone on the running system is affected, tzsetup(8) needs
to be run so that /etc/localtime is updated.
III. Impact
An incorrect time will be displayed on a system configured to use one of the
affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
not updated, and all applications on the system that rely on the system time,
such as cron(8) and syslog(8), will be affected.
IV. Workaround
The system administrator can install an updated timezone database from the
misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
Applications that store and display times in Coordinated Universal Time (UTC)
are not affected.
V. Solution
Please note that some third-party software, for instance PHP, Ruby, Java and
Perl, may use a different zoneinfo data source; in such cases this software
must be updated separately. Software installed via binary packages can be
upgraded by executing `pkg upgrade'.
Following the instructions in this Errata Notice will update all of the
zoneinfo files to match what was shipped with the FreeBSD release.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date. Restart all the affected
applications and daemons, or reboot the system.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart all the affected applications and daemons, or reboot the system.
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-21:01/tzdata-2021a.patch
# fetch https://security.FreeBSD.org/patches/EN-21:01/tzdata-2021a.patch.asc
# gpg --verify tzdata-2021a.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all the affected applications and daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                    Revision
-------------------------------------------------------------------------
stable/12                                                      r369143
releng/12.2                                                    r369171
releng/12.1                                                    r369162
stable/11/                                                     r369144
releng/11.4/                                                   r369153
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:01.tzdata.asc>
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:05.libatomic
Hash: SHA512
=============================================================================
FreeBSD-EN-21:05.libatomic Errata Notice
The FreeBSD Project
Topic: Addition of atomic and bswap functions to libcompiler_rt
Category: core
Module: libcompiler_rt
Announced: 2021-01-29
Affects: FreeBSD 11.4
Corrected: 2020-09-12 16:33:05 UTC (stable/11, 11.4-STABLE)
2021-01-29 00:20:06 UTC (releng/11.4, 11.4-RELEASE-p7)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
libcompiler_rt is a simple library that provides an implementation of low-level
target-specific functionality required by the Clang compiler.
II. Problem Description
The FreeBSD build system does not include all source files of libcompiler_rt.
In particular, it misses the atomic.c file, which implements atomic memory
routines for the i386 architecture.
III. Impact
When compiling software that makes use of atomic functions, as well as __bswap*
functions, the compiler emits calls to them expecting that these will be
available from libcompiler_rt. Because they are missing, the linker fails to
resolve these functions and the build fails.
The problem occurs only when targeting the i386 platform.
IV. Workaround
The problem can be worked around by using the GCC compiler to build the software.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-21:05/libatomic.patch
# fetch https://security.FreeBSD.org/patches/EN-21:05/libatomic.patch.asc
# gpg --verify libatomic.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all daemons that use the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                    Revision
-------------------------------------------------------------------------
stable/11/                                                     r365661
releng/11.4/                                                   r369155
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:05.libatomic.asc>
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:04.zfs
Hash: SHA512
=============================================================================
FreeBSD-EN-21:04.zfs Errata Notice
The FreeBSD Project
Topic: zfs recv fails to propagate snapshot deletion
Category: core
Module: zfs
Announced: 2021-01-29
Affects: FreeBSD 12.2
Corrected: 2020-12-01 08:15:18 UTC (stable/12, 12.2-STABLE)
2021-01-29 01:20:55 UTC (releng/12.2, 12.2-RELEASE-p3)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The zfs send/receive commands are used to efficiently copy datasets from one
location to another. With the -i or -I flags, zfs send can incrementally
update an already-copied dataset. When using the -R flag with zfs send and the
-F flag with zfs receive, zfs receive will delete any snapshots on the
destination that have already been deleted on the source.
II. Problem Description
A regression in FreeBSD 12.2 causes zfs receive to fail to delete snapshots
that have been deleted on the source side.
III. Impact
Backup and replication systems based on ZFS send/receive that manage snapshots
solely on the source side will fail to delete snapshots on the destination
side. This may lead to out-of-space conditions on the destination.
IV. Workaround
Errant snapshots can be manually removed from the destination with "zfs destroy".
Backup and replication systems that don't use the -R flag with zfs send will be
unaffected. For example, sysutils/zrepl is unaffected.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-21:04/zfs.patch
# fetch https://security.FreeBSD.org/patches/EN-21:04/zfs.patch.asc
# gpg --verify zfs.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all daemons that link directly to libzfs.so. A restart is not required
for daemons that invoke the zfs executable.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                    Revision
-------------------------------------------------------------------------
stable/12/                                                     r368233
releng/12.2/                                                   r369173
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249438>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:04.zfs.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmATbipfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJhhw//ajaGQV4/Ln4SmgsyYS01De9bXSI26dBcZlfGDUDL4l/W4qF1KnsTuPXx
ubGoFDjAArT+AzAoTddQeKuty8VPR8UUCQfONgdWUvjlSZ3k1iLa6pTR/BHxSyZ3
rh7olc8wSt13JBOoafCjGkuzRNLtz7oqP0qrGB/aKSbU3IzCW8fHSFnIFVaRK/Nh
Zr9Lisp4mIBgBmAY3Oof50ONPrjoDEYff+G+52LSUSMIwGPVmEqFz1qrSzQ+SFO0
kylegth1sBeEgPQZAuyXX6liJpsL/AEdYQvosykmBw3DGQqt9glo+hl6CU7/g2dn
iA8O7tO0zgaHtWbAUQYdtHJKeqa5UbaDRKeDw3aXm6TwHmZN7BfQz6SWRK2QOhcc
btn5yP6QhbpTFmWRkWtSehn+eISolDF4iCG9St664xpNV7l0AzSXm8saVrR2/Eix
IPCK2nyhddyDyVCkkSaZw8rris5De8gAGsv0K+nvJqYhVMdbIyTnU62UzHrgPPXS
kAe0Z/FnPmcQ7GXN/dSIzd17WMqKwGgsHMbLFw/BMP+kaM++mMY7ZdyPyx1gapB+
qzvRhFoNKpNVGMaMK/y+BPB2Ak3OHj6lqPFptjd9HNlszVYuZ3Od25oQBO0dupQf
jsTSler1ShPYyOwG8QE0sXjpMYVZhFgsZXiZVUrACkfunuDnXtI=
=fhrM
-----END PGP SIGNATURE-----
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:03.vnet
Hash: SHA512
=============================================================================
FreeBSD-EN-21:03.vnet Errata Notice
The FreeBSD Project
Topic: Panic when destroying VNET and epair simultaneously
Category: core
Module: kernel
Announced: 2021-01-29
Affects: FreeBSD 12.1 and later.
Corrected: 2020-12-15 15:33:28 UTC (stable/12, 12.2-STABLE)
2021-01-29 01:20:52 UTC (releng/12.2, 12.2-RELEASE-p3)
2021-01-29 01:06:03 UTC (releng/12.1, 12.1-RELEASE-p13)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
VNET permits systems to be configured with multiple instances of the in-kernel
network stack.
The epair(4) interface provides a pair of virtual back-to-back connected
Ethernet interfaces.
II. Problem Description
Insufficient locking in the kernel meant that destroying an epair and a vnet
jail at the same time often resulted in panics.
III. Impact
Users with root level access (or the PRIV_NET_IFCREATE privilege) can panic
the system.
IV. Workaround
The panic can be avoided by ensuring that epair interfaces are fully destroyed
before the vnet jails containing them are destroyed.
Systems not using vnet jails are not affected.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an errata update"
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-21:03/vnet.patch
# fetch https://security.FreeBSD.org/patches/EN-21:03/vnet.patch.asc
# gpg --verify vnet.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                    Revision
-------------------------------------------------------------------------
stable/12/                                                     r368663
releng/12.2/                                                   r369172
releng/12.1/                                                   r369163
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238870>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:03.vnet.asc>
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:02.extattr
Hash: SHA512
=============================================================================
FreeBSD-EN-21:02.extattr Errata Notice
The FreeBSD Project
Topic: UFS extattr corruption
Category: core
Module: UFS
Announced: 2021-01-29
Affects: FreeBSD 11.4
Corrected: 2021-01-18 18:54:32 UTC (stable/11, 11.4-STABLE)
2021-01-29 19:20:02 UTC (releng/11.4, 11.4-RELEASE-p7)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
Named extended attributes are meta-data associated with vnodes representing
files and directories. They exist as "name=value" pairs within a set of
namespaces. The UFS filesystem supports extended attributes.
II. Problem Description
Under certain conditions FreeBSD 11.x releases may produce a corrupt extattr
file, and later attempts to access these extended attributes may result in
system misbehavior. For example, lsextattr may spin at 100% CPU until the
system is shut down.
The issue that results in corrupt extattr data is not present in supported
FreeBSD 12.x versions.
III. Impact
The system may not function as required with extended attributes in use.
IV. Workaround
No workaround is available. Systems not using extended attributes are not
vulnerable.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an errata update"
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 11.4]
# fetch https://security.FreeBSD.org/patches/EN-12:02/extattr.patch
# fetch https://security.FreeBSD.org/patches/EN-12:02/extattr.patch.asc
# gpg --verify extattr.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                    Revision
-------------------------------------------------------------------------
stable/11/                                                     r369045
releng/11.4/                                                   r369154
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244089>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:02.extattr.asc>
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:02.xenoom
Hash: SHA512
=============================================================================
FreeBSD-SA-21:02.xenoom Security Advisory
The FreeBSD Project
Topic: Xen guests can trigger backend Out Of Memory
Category: contrib
Module: Xen
Announced: 2021-01-29
Credits: See Xen XSA-349 for details
Affects: All supported versions of FreeBSD.
Corrected: 2021-01-18 16:26:36 UTC (stable/12, 12.2-STABLE)
2021-01-29 01:21:04 UTC (releng/12.2, 12.2-RELEASE-p3)
2021-01-29 01:06:16 UTC (releng/12.1, 12.1-RELEASE-p13)
2021-01-21 09:14:50 UTC (stable/11, 11.4-STABLE)
2021-01-29 00:20:16 UTC (releng/11.4, 11.4-RELEASE-p7)
CVE Name: CVE-2020-29568
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
Xen is a type-1 hypervisor which supports FreeBSD as a Dom0 (or host
domain).
II. Problem Description
Some OSes (including Linux, FreeBSD, and NetBSD) process watch events
using a single thread. If events are received faster than the thread is
able to handle them, they are queued.
As the queue is unbounded, a guest may be able to trigger an OOM in the
backend.
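A bounded event queue with per-guest accounting, added here to illustrate the shape of a mitigation for the unbounded-queue problem described above. This is constructed example code, not the Xen or FreeBSD fix (see XSA-349 in the references for that); MAX_GUESTS, MAX_PENDING_PER_GUEST and the xenstore-style path strings are made-up values. The point it demonstrates is that admission is decided before any allocation, so one guest firing events faster than the single handler thread can drain them can never grow memory use past a fixed cap, and the refusals are counted where monitoring can see them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed limits; example values, not Xen's. */
#define MAX_GUESTS            8   /* guest ids 0..MAX_GUESTS-1 */
#define MAX_PENDING_PER_GUEST 4   /* watch events one guest may have queued */

struct watch_event {
    uint32_t guest_id;
    char path[32];                /* illustrative xenstore-style path */
    struct watch_event *next;
};

/* FIFO drained by the single handler thread, plus per-guest accounting. */
struct event_queue {
    struct watch_event *head, *tail;
    size_t pending[MAX_GUESTS];   /* outstanding events per guest */
    size_t rejected[MAX_GUESTS];  /* events refused because the cap was hit */
};

void queue_init(struct event_queue *q)
{
    memset(q, 0, sizeof(*q));
}

/* Admit an event from guest_id. Returns false without allocating when that
 * guest already has MAX_PENDING_PER_GUEST events outstanding, so total
 * memory is capped at MAX_GUESTS * MAX_PENDING_PER_GUEST events no matter
 * how fast any guest fires. Invalid guest ids are refused too. */
bool queue_push(struct event_queue *q, uint32_t guest_id, const char *path)
{
    struct watch_event *ev;

    if (guest_id >= MAX_GUESTS)
        return false;
    if (q->pending[guest_id] >= MAX_PENDING_PER_GUEST) {
        q->rejected[guest_id]++;      /* visible to monitoring */
        return false;
    }
    ev = calloc(1, sizeof(*ev));
    if (ev == NULL)
        return false;
    ev->guest_id = guest_id;
    strncpy(ev->path, path, sizeof(ev->path) - 1);
    if (q->tail)
        q->tail->next = ev;
    else
        q->head = ev;
    q->tail = ev;
    q->pending[guest_id]++;
    return true;
}

/* The handler thread takes one event; its guest's budget is released. */
bool queue_pop(struct event_queue *q, struct watch_event *out)
{
    struct watch_event *ev = q->head;

    if (ev == NULL)
        return false;
    q->head = ev->next;
    if (q->head == NULL)
        q->tail = NULL;
    q->pending[ev->guest_id]--;
    if (out) {
        *out = *ev;
        out->next = NULL;
    }
    free(ev);
    return true;
}

size_t queue_pending(const struct event_queue *q, uint32_t guest_id)
{
    return guest_id < MAX_GUESTS ? q->pending[guest_id] : 0;
}

size_t queue_rejected(const struct event_queue *q, uint32_t guest_id)
{
    return guest_id < MAX_GUESTS ? q->rejected[guest_id] : 0;
}

/* Simulate one guest firing `burst` events while the handler thread is
 * stalled; returns how many were actually admitted. */
size_t simulate_burst(struct event_queue *q, uint32_t guest_id, size_t burst)
{
    size_t admitted = 0, i;

    for (i = 0; i < burst; i++)
        if (queue_push(q, guest_id, "/local/domain/1/device/vbd"))
            admitted++;
    return admitted;
}
```

Whether a refused event may simply be dropped or must instead apply backpressure to the sender is a protocol decision; the example only shows the accounting, and a real backend would also want the rejected counter exported so a guest hitting its cap repeatedly shows up in monitoring.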
III. Impact
A malicious guest can trigger an OOM in backends.
IV. Workaround
No workaround is available. FreeBSD systems not using Xen are not
affected.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date,
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-21:02/xenoom.12.patch
# fetch https://security.FreeBSD.org/patches/SA-21:02/xenoom.12.patch.asc
# gpg --verify xenoom.12.patch.asc
[FreeBSD 11.x]
# fetch https://security.FreeBSD.org/patches/SA-21:02/xenoom.11.patch
# fetch https://security.FreeBSD.org/patches/SA-21:02/xenoom.11.patch.asc
# gpg --verify xenoom.11.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                    Revision
-------------------------------------------------------------------------
stable/12/                                                     r369038
releng/12.2/                                                   r369177
releng/12.1/                                                   r369167
stable/11/                                                     r369072
releng/11.4/                                                   r369158
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://xenbits.xen.org/xsa/advisory-349.html>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29568>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:02.xenoom.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmATbjNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJjmhAAloDel7j9rgyDK8Ozk5wPJQlUM/1Ddc4e5Q5vdzT29mNdWKfXjH5SEkGq
Jx7w4fUronf8vsXn+bNXwn1u5PWGVTVX/Y4ljQ4JVwJ+NdxhxTuhNsbg7j2AZmdO
PsfI+eFX1xq8wr3oDUl3GTHHcUI1Ol259tsOgJE7ISriazgbRk8/QVowMgS3jdHA
OYJS8ADFWSO6d4TC2B5pvgC6NAiZjhgTDtjxzTnaWoUb0157JyhRh3Z2FQTBxoxU
3OQcTj7x7KBtbsiAI/Iq8Qu7JXyxtscVQfbXsk4Jt1uOskgsr8n9F+UGiP+GRIKb
0IsgNUlsPavINlNJjAwQWHtB8VJqH7LpG9t3/EMizUXjZAuRLxEjAFiHV8ju1U++
O9Xf9nB9auVrBn1WMYgH23bZ5D15W1HosEywifBw64R7CLDliD/HpJ3QaDEe3lCn
pB0jgxuoE5RCbTppgUZM7tLUrtwgih+lOiZcLcA5xS9hQo8TWBLIJNBf5rRjJA6q
/3vh5lOv/w8AHyBgA5395QIkkgw9dxy2o+LbtuVhdD/NbLX4GnNVMkQDsTF79PMT
8rl0Zn6Ldo0ypHAwPAVHektl+izuMftNQuQXSbEjkw/Xr1VCjIjllJET3K2e9X6z
4nPmq6t/0kuHWYSSDQAKdq/8Dosn3HLw1uQdst4ka7wf1Eon7Ow=
=3L3L
-----END PGP SIGNATURE-----
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:01.fsdisclosure
Hash: SHA512
=============================================================================
FreeBSD-SA-21:01.fsdisclosure Security Advisory
The FreeBSD Project
Topic: Uninitialized kernel stack leaks in several file systems
Category: core
Module: fs
Announced: 2021-01-29
Credits: Syed Faraz Abrar
Affects: All supported versions of FreeBSD.
Corrected: 2021-01-06 14:58:41 UTC (stable/12, 12.2-STABLE)
2021-01-29 01:20:59 UTC (releng/12.2, 12.2-RELEASE-p3)
2021-01-29 01:06:09 UTC (releng/12.1, 12.1-RELEASE-p13)
2021-01-18 19:16:24 UTC (stable/11, 11.4-STABLE)
2021-01-29 00:20:09 UTC (releng/11.4, 11.4-RELEASE-p7)
CVE Name: CVE-2020-25578, CVE-2020-25579
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The FreeBSD kernel exports file system directory entries to userspace
using the generic "dirent" structure. Individual file systems implement
VOP_READDIR to convert from the file system's internal directory entry
layout to the generic form. dirent structures can be fetched from
userspace using the getdirentries(2) system call.
II. Problem Description
Several file systems were not properly initializing the d_off field of
the dirent structures returned by VOP_READDIR. In particular, tmpfs(5),
smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result,
eight uninitialized kernel stack bytes may be leaked to userspace by
these file systems. This problem is not present in FreeBSD 11.
Additionally, msdosfs(5) was failing to zero-fill a pair of padding
fields in the dirent structure, resulting in a leak of three
uninitialized bytes.
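The leak class described in Section II, as an added userland model that is not from the advisory or from FreeBSD's source: a VOP_READDIR-style filler that leaves d_off and the padding fields unset, beside the zero-first version, plus an audit helper that counts bytes reaching the caller without ever having been assigned. The struct layout follows FreeBSD 12's dirent as I recall it from sys/dirent.h (an 8-byte d_off, then a 1-byte and a 2-byte padding field, matching the eight and three bytes the advisory names); treat that layout as an assumption. d_name is shortened and the d_type value is illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout modelled on FreeBSD 12's struct dirent (names as in sys/dirent.h,
 * from memory; treat as an assumption). d_name is shortened from
 * MAXNAMLEN + 1. Total size is 56 bytes with no compiler-inserted padding,
 * so every byte belongs to one of the named fields below. */
struct demo_dirent {
    uint64_t d_fileno;
    uint64_t d_off;      /* 8 bytes the affected file systems left unset */
    uint16_t d_reclen;
    uint8_t  d_type;
    uint8_t  d_pad0;     /* padding field, 1 byte */
    uint16_t d_namlen;
    uint16_t d_pad1;     /* padding field, 2 bytes: the 3 bytes msdosfs leaked */
    char     d_name[32];
};

/* Audit helper: count bytes that nobody assigned yet reach the caller
 * non-zero (the two padding fields and the d_name tail past the NUL).
 * A correctly built entry returns 0. d_off carries a real value, so the
 * caller checks it against the expected offset directly. */
size_t unassigned_nonzero_bytes(const struct demo_dirent *de)
{
    const unsigned char *p1 = (const unsigned char *)&de->d_pad1;
    size_t n = 0, i;

    n += (de->d_pad0 != 0);
    n += (p1[0] != 0) + (p1[1] != 0);
    for (i = (size_t)de->d_namlen + 1; i < sizeof(de->d_name); i++)
        n += (de->d_name[i] != '\0');
    return n;
}

/* Vulnerable pattern (kept deliberately): only the fields the file system
 * cares about are assigned in an uninitialized stack object, then the whole
 * object is copied out (memcpy standing in for uiomove() to userspace).
 * d_off, d_pad0, d_pad1 and the d_name tail carry whatever the stack held. */
void fill_entry_leaky(struct demo_dirent *out, uint64_t ino, const char *name)
{
    struct demo_dirent de;           /* not initialized, on purpose */
    size_t len = strlen(name);

    if (len >= sizeof(de.d_name))
        len = sizeof(de.d_name) - 1; /* truncate over-long names */
    de.d_fileno = ino;
    de.d_reclen = (uint16_t)sizeof(de);
    de.d_type = 4;                   /* illustrative type code */
    de.d_namlen = (uint16_t)len;
    memcpy(de.d_name, name, len);
    de.d_name[len] = '\0';           /* terminator only; nothing past it */
    memcpy(out, &de, sizeof(de));
}

/* Fixed pattern: zero the entry first, then assign every field including
 * d_off, so nothing indeterminate survives the copy. */
void fill_entry_fixed(struct demo_dirent *out, uint64_t ino, uint64_t off,
                      const char *name)
{
    struct demo_dirent de;
    size_t len = strlen(name);

    memset(&de, 0, sizeof(de));
    if (len >= sizeof(de.d_name))
        len = sizeof(de.d_name) - 1;
    de.d_fileno = ino;
    de.d_off = off;
    de.d_reclen = (uint16_t)sizeof(de);
    de.d_type = 4;
    de.d_namlen = (uint16_t)len;
    memcpy(de.d_name, name, len);
    memcpy(out, &de, sizeof(de));
}

/* Scribble a pattern over some stack so the leaky filler, which often lands
 * on the same slots, has something recognisable to expose. Whether it does
 * is up to the compiler: the leaked content is simply whatever was there. */
static void dirty_stack(void)
{
    volatile unsigned char scratch[256];
    size_t i;

    for (i = 0; i < sizeof(scratch); i++)
        scratch[i] = 0xA5;
}

int main(void)
{
    struct demo_dirent e;

    dirty_stack();
    fill_entry_leaky(&e, 42, "etc");
    printf("leaky: %zu unassigned non-zero bytes, d_off=0x%llx\n",
           unassigned_nonzero_bytes(&e), (unsigned long long)e.d_off);
    fill_entry_fixed(&e, 42, 100, "etc");
    printf("fixed: %zu unassigned non-zero bytes, d_off=%llu\n",
           unassigned_nonzero_bytes(&e), (unsigned long long)e.d_off);
    return 0;
}
```

Only the fixed variant has a fixed expected result (zero unassigned bytes, d_off exactly as set); what the leaky variant prints depends on what the compiler left on the stack, which is the point. The same audit idea is a reasonable way to confirm a host is patched: zero-fill a buffer, call getdirentries(2) on a mount of one of the affected file systems, and check that d_off and the padding bytes of every returned entry hold the values they should.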
III. Impact
Kernel stack disclosures may leak sensitive information which could be
used to compromise the security of the system.
IV. Workaround
Systems that do not have any of the affected file systems mounted are
not affected. To trigger the leaks, an unprivileged user must have read
access to a directory belonging to one of the mounted file systems.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date,
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-21:01/fsdisclosure.12.patch
# fetch https://security.FreeBSD.org/patches/SA-21:01/fsdisclosure.12.patch.asc
# gpg --verify fsdisclosure.12.patch.asc
[FreeBSD 11.x]
# fetch https://security.FreeBSD.org/patches/SA-21:01/fsdisclosure.11.patch
# fetch https://security.FreeBSD.org/patches/SA-21:01/fsdisclosure.11.patch.asc
# gpg --verify fsdisclosure.11.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
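A small checker for the "dated after the correction date" condition that every notice on this page states, added here as an example that is not part of the advisories. It parses FreeBSD -RELEASE-pN version strings, compares a host against the corrected level taken from the Corrected: field (12.2-RELEASE-p3 for releng/12.2 in this advisory), and treats multi-line freebsd-version -ku output as corrected only when every line is, since a rebuilt kernel with stale userland (or the reverse) still leaves the affected component in place. The sample output strings are constructed, and the assumption that freebsd-version -ku prints one version string per line for kernel and userland is mine.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct fbsd_release {
    int major, minor, patch;
    bool ok;        /* false: not a -RELEASE[-pN] string */
};

/* Parse "12.2-RELEASE-p3" or "12.2-RELEASE" (patch level 0). Anything
 * else, e.g. "12.2-STABLE", is reported with ok == false: those branches
 * are only comparable by build date, which the Corrected: field gives. */
struct fbsd_release parse_release(const char *s)
{
    struct fbsd_release r = { 0, 0, 0, false };
    int consumed = 0;
    const char *rest;

    if (sscanf(s, "%d.%d%n", &r.major, &r.minor, &consumed) != 2)
        return r;
    rest = s + consumed;
    if (strcmp(rest, "-RELEASE") == 0) {
        r.ok = true;
    } else if (strncmp(rest, "-RELEASE-p", 10) == 0) {
        char *end;
        long p = strtol(rest + 10, &end, 10);
        if (end != rest + 10 && *end == '\0' && p >= 0) {
            r.patch = (int)p;
            r.ok = true;
        }
    }
    return r;
}

/* Compare one host version string with the advisory's corrected level.
 *  1 : host is at or past the corrected patch level
 *  0 : host is on the same release but behind it
 * -1 : not comparable (another release, or a dated branch like -STABLE) */
int host_is_corrected(const char *host, const char *corrected)
{
    struct fbsd_release h = parse_release(host);
    struct fbsd_release c = parse_release(corrected);

    if (!h.ok || !c.ok || h.major != c.major || h.minor != c.minor)
        return -1;
    return h.patch >= c.patch ? 1 : 0;
}

/* Apply host_is_corrected() to every line of multi-line output (assumed:
 * freebsd-version -ku prints kernel and userland, one per line). Returns 0
 * if any line is behind, else -1 if any line was not comparable or the
 * input was empty, else 1. */
int all_lines_corrected(const char *output, const char *corrected)
{
    char buf[512];
    char *line;
    int worst = 1;
    bool any = false;

    strncpy(buf, output, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
    for (line = strtok(buf, "\n"); line != NULL; line = strtok(NULL, "\n")) {
        int r = host_is_corrected(line, corrected);
        any = true;
        if (r == 0)
            return 0;
        if (r == -1)
            worst = -1;
    }
    return any ? worst : -1;
}

int main(void)
{
    /* Constructed sample: kernel already rebuilt, userland still at p2. */
    const char *sample = "12.2-RELEASE-p3\n12.2-RELEASE-p2\n";
    int r = all_lines_corrected(sample, "12.2-RELEASE-p3");

    printf("SA-21:01 on releng/12.2: %s\n",
           r == 1 ? "corrected" : r == 0 ? "STILL AFFECTED" : "not comparable");
    return r == 1 ? 0 : 1;
}
```

On a real host the input would come from `freebsd-version -ku` and the corrected string from the advisory's Corrected: line for that branch; a -1 result is a prompt to compare build dates by hand rather than a pass.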
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                    Revision
-------------------------------------------------------------------------
stable/12/                                                     r368969
releng/12.2/                                                   r369175
releng/12.1/                                                   r369165
stable/11/                                                     r369047
releng/11.4/                                                   r369156
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25578>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25579>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc>
[announce] Next NYC*BUG: Feb 3rd @ 18:45
Fifteen Years and Fifteen Minutes: Applying Occam's Razor to FreeBSD with OccamBSD,
More info:
https://www.nycbug.org/index?action=view&id=10680
The Zoom meeting starts at 18:45 EST (23:45 UTC). For Zoom meeting details, email rsvp AT lists.nycbug.org before Feb 2nd, and details will be sent on the day of the meeting.
As always, we will be fielding questions over IRC at #nycbug on Freenode during the talk. If you would like to ask a question of Michael ahead of time, please send your questions to talk@. Any questions during the talk can be sent to the IRC channel mentioned above.
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://lists.nycbug.org:8080/mailman/listinfo/announce
[USN-4714-1] XStream vulnerabilities
Ubuntu Security Notice USN-4714-1
January 28, 2021
libxstream-java vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in libxstream-java.
Software Description:
- libxstream-java: Java library to serialize objects to XML and back again
Details:
Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code
execution. A remote attacker could run arbitrary shell commands by
manipulating the processed input stream. (CVE-2020-26217)
It was discovered that XStream was vulnerable to server-side request forgery
(SSRF) attacks. A remote attacker could request data from internal resources
that are not publicly available merely by manipulating the processed input
stream. (CVE-2020-26258)
It was discovered that XStream was vulnerable to arbitrary file deletion on
the local host. A remote attacker could use this to delete arbitrary known
files on the host, provided the executing process had sufficient rights,
merely by manipulating the processed input stream. (CVE-2020-26259)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libxstream-java 1.4.11.1-1ubuntu0.1
Ubuntu 18.04 LTS:
libxstream-java 1.4.11.1-1~18.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4714-1
CVE-2020-26217, CVE-2020-26258, CVE-2020-26259
Package Information:
https://launchpad.net/ubuntu/+source/libxstream-java/1.4.11.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxstream-java/1.4.11.1-1~18.04.1
[FreeBSD-Announce] FreeBSD/i386 demoted to Tier 2 for FreeBSD 13.x
FreeBSD 13.0. The Project will continue to provide release images,
binary updates, and pre-built packages for the 13.x branch. However,
i386-specific issues (including SAs) may not be addressed in 13.x.
The i386 platform will remain Tier 1 on FreeBSD 11.x and 12.x.
More background:
The i386 (32-bit x86) architecture has been a substantial part of the
FreeBSD Project's history and success. FreeBSD began with i386 as the
only supported architecture, and the ease of availability of i386
computers was key to FreeBSD's growth and adoption. However, the
computer industry and the x86 architecture have evolved over time.
For at least the past decade, 64-bit x86 has been the dominant FreeBSD
architecture both in terms of users and active development. The
FreeBSD/i386 user base has steadily declined and is now on par with
other Tier 2 architectures. As a result, the i386 architecture will
be demoted to a Tier 2 architecture starting with FreeBSD 13.0.
Due to i386's history as a Tier 1 architecture and its existing
install base, the Project will continue to provide a high level of
support for i386 in FreeBSD 13.x. This will give existing i386 users
extra time to migrate to a fully-supported architecture for future
FreeBSD releases.
For FreeBSD 13.x, the FreeBSD project commits to providing release
images, binary updates, and pre-built packages for i386. The FreeBSD
Release Engineering and Security Teams will continue to build, test,
and distribute EN and SA artifacts for i386 alongside all other
supported platforms. However, EN and SA issues that are specific to
i386, or that require unique development for i386, may not be
addressed. The userland ABI will continue to be preserved in 13.x
similar to other Tier 1 platforms.
For branches beyond 13.x (e.g. 14.x), the FreeBSD Project reserves the
right to reduce the amount of support provided. We anticipate that
i386 will receive reduced support in line with existing Tier 2
platforms for 14.x, and will announce the level of support i386 will
receive in 14.x as we get closer to the 14.0 release date. Due to the
prevalence of existing i386 binaries, we also anticipate that we will
avoid breaking the userland ABI in future branches. Specifically, we
expect that time_t will remain 32 bits on i386.
Support for i386 on currently-supported FreeBSD branches (11.x and
12.x) will continue at their current Tier 1 level for the duration of
their support lifetime.
On behalf of the FreeBSD core, port manager, release engineering, and
security teams,
--
John Baldwin
[arch-announce] PHP 8.0 and PHP 7 legacy packages are available
the upstream [migration guide](https://www.php.net/manual/en/migration80.php). As some applications are not
compatible with PHP 8 yet, we provide a [php7](https://archlinux.org/packages/extra/x86_64/php7/) package which can be
installed alongside version 8. Packages that depend on PHP reflect
this update and will require php7 where needed. You might need to update
your configuration accordingly. PHP 7 binaries and configuration have
the "7" suffix:
* /usr/bin/php -> /usr/bin/php7
* /etc/php -> /etc/php7
* /usr/bin/php-fpm -> /usr/bin/php-fpm7
* /usr/lib/systemd/system/php-fpm.service -> /usr/lib/systemd/system/php-fpm7.service
* /run/php-fpm -> /run/php-fpm7
We also provide third party modules compiled for PHP 7:
* [php7-apcu](https://archlinux.org/packages/extra/x86_64/php7-apcu/)
* [php7-geoip](https://archlinux.org/packages/community/x86_64/php7-geoip/)
* [php7-grpc](https://archlinux.org/packages/community/x86_64/php7-grpc/)
* [php7-igbinary](https://archlinux.org/packages/community/x86_64/php7-igbinary/)
* [php7-imagick](https://archlinux.org/packages/community/x86_64/php7-imagick/)
* [php7-memcache](https://archlinux.org/packages/community/x86_64/php7-memcache/)
* [php7-memcached](https://archlinux.org/packages/community/x86_64/php7-memcached/)
* [php7-mongodb](https://archlinux.org/packages/community/x86_64/php7-mongodb/)
* [php7-redis](https://archlinux.org/packages/community/x86_64/php7-redis/)
Note that support for php7 will be [limited](https://www.php.net/supported-versions.php) and likely be dropped in
about a year depending on how soon the majority of applications
will be compatible with version 8.
URL: https://www.archlinux.org/news/php-80-and-php-7-legacy-packages-are-available/
_______________________________________________
arch-announce mailing list
arch-announce@lists.archlinux.org
https://lists.archlinux.org/listinfo/arch-announce
武音姿 invites you to a free online live course: <The New Judicial Interpretation on Labor Disputes and Corporate Response Strategies>
The New Judicial Interpretation on Labor Disputes and Corporate Response Strategies, free online live broadcast, January 30, 14:00-16:30
Seats are limited. To register, add WeChat: 13310101103 (Teacher Ma)
Background
On December 30, 2020, the Supreme People's Court issued the Interpretation on Issues Concerning the Application of Law in the Trial of Labor Dispute Cases (I) (Fa Shi [2020] No. 26), effective January 1, 2021. At the same time, the Supreme People's Court repealed the former Judicial Interpretations on Labor Disputes I, II, III and IV. How does the new judicial interpretation relate to the Civil Code? Does it contain entirely new provisions? What effect does the new judicial interpretation have on corporate employment practices? How should management respond? We have invited a practising labor-law expert to explain it in detail.
Course Outline
I. The relationship between the Civil Code and labor law
1. Is the Civil Code the superior law over labor law?
2. Do the basic principles of the Civil Code apply to labor relations?
3. Do the specific rules of the Civil Code apply to labor relations?
4. The impact of the Civil Code's Personality Rights Book on employment, and how to respond.
II. Comparative analysis of the old and new judicial interpretations on labor disputes
1. The relationship between the new judicial interpretation and the Civil Code
2. Is the new judicial interpretation a mere copy, or does it innovate?
3. The "highlights" of the new judicial interpretation and their value.
4. From the perspective of optimizing the business environment, how can employers make full use of the provisions in the new judicial interpretation that favor employers?
III. Interpretation of key provisions of the new judicial interpretation and practical techniques
1. Can jurisdiction over labor dispute cases be agreed by contract?
2. Can jurisdiction over labor dispute cases be contested?
3. How can jurisdiction over labor dispute cases be effectively "seized"?
4. How is jurisdiction determined when both parties file suit on the same day?
5. Once a court has ruled to transfer jurisdiction, can you simply wait and do nothing?
6. Which entities count as employers? Can a branch or representative office sign a labor contract with a worker?
7. Key points on changing the labor-contract party under the "three unifications" social-insurance policy.
8. Does labor law apply to the employment of foreigners? Can termination conditions be agreed?
9. Does labor law apply to the employment of residents of Taiwan, Hong Kong and Macao? Can termination conditions be agreed?
10. What legal relationship exists between retirees and an employer? How can the employer's risk be avoided?
11. Practical handling of employees on unpaid leave with retained position, early-retirement staff below the statutory retirement age, laid-off or on-call staff, and staff on extended leave due to a business shutdown.
12. If the labor contract expires without renewal and the worker continues to work at the company, must double wages be paid?
13. If the labor contract expires without renewal and the worker continues to work at the company, may the employer terminate employment at any time? Must economic compensation be paid after termination?
14. When the parties agree that "there are no other disputes between them", how is that actually achieved?
15. Is it valid for a worker to sign a "striver's agreement" waiving statutory rights such as annual leave?
16. Ten difficult issues in non-compete and confidentiality agreements, and countermeasures
17. Common employer overtime disputes, the allocation of the burden of proof, and employer evidentiary techniques.
18. If a worker backs out after an oral modification, how does the employer prove it?
19. Reversal of the burden of proof and its exceptions, and employer response strategies.
20. Circumstances and scope of a worker being forced to terminate the labor contract and claiming economic compensation; what to do when the employer made an honest mistake, or the worker is nitpicking?
21. In which scenarios are a worker's years of service with different employers combined? Can the number of labor contracts signed with different employers be combined?
22. Must an entity without a trade union carry out the union-notification procedure? How?
Speaker Profile
Li Jupeng (李居鹏)
Lawyer Li Jupeng is a well-known labor-law specialist and a practice-oriented expert in labor law and HR legal risk management.
Senior partner at the Shanghai branch of Beijing Longan Law Firm
Member of the Labor Law Research Committee of the Shanghai Bar Association.
He graduated from East China University of Political Science and Law and Shanghai Jiao Tong University with a Bachelor of Laws and a Juris Master respectively, and has practised as a full-time lawyer since 2007. His practice focuses on labor law and HR legal risk management; he has studied corporate legal risk, and personnel legal risk in particular, in depth, and is skilled in handling all kinds of labor-dispute arbitration and litigation. He has provided consulting, negotiation, arbitration and litigation services on labor disputes and HR legal risk management to more than a thousand companies and individuals, has extensive experience in labor-dispute negotiation, arbitration and litigation as well as in HR legal risk management, and effectively protects clients' lawful rights and interests.
Lawyer Li has compiled labor-law reference works such as the Guide to Lawfully Dismissing Employees, Human Resources Restructuring Solutions and Common Corporate Rules and Regulations. Many of his successful cases and professional articles have been published in media such as Human Resource Management, Talent Market News, Xinwen Wanbao, Shanghai Legal Daily, Zhejiang Legal Daily, Sina and Xinhuanet, and he enjoys a good reputation in the field.
Lawyer Li is a senior labor-law trainer with many years of training experience. Over the years he has delivered more than a hundred sessions of his corporate employment-management course series to companies in Guangzhou, Shenzhen, Shanghai, Beijing, Zhejiang, Jiangsu, Sichuan, Liaoning and other provinces and cities; the courses are practical and effective. Participating companies include, but are not limited to, China Telecom, COFCO, Siemens, Baidu, Yihaodian, Staples, Owens Corning, Casio, Vanke Property, China Star, Mark Fairwhale, Dongfang Pump, Beidou Navigation, Baosteel Group, COSCO Heavy Industry, China Railway, Domino's, Zhangjiang Hi-Tech, Only Education, Tong Han Chun Tang, Shanghai Museum, Galaxy Securities, Amway China and many other well-known Fortune 500 companies, large state-owned enterprises, foreign-invested enterprises and private companies. The cases he uses in training are vivid and interesting, the content is rich, the methods are practical, and the sessions are highly interactive; he does not avoid the difficult and painful HR issues of day-to-day practice and gives directly actionable solutions, and participants generally report being greatly inspired and benefiting a great deal.
Lawyer Li serves as standing legal counsel to dozens of companies, providing legal support for their strategic decisions and business activities and helping them establish rules and systems, which has effectively reduced their legal risk and earned clients' deep trust.
Registration reply slip. Please reply to the e-mail address below:
Company: Course: The New Judicial Interpretation on Labor Disputes and Corporate Response Strategies
Attendee name: E-mail: Mobile:
Please fill in the above information and reply to the designated e-mail address 1219413611@qq.com
This e-mail was sent automatically by the system; please do not reply to it.
Registration/enquiries: Teacher Ma
Mobile/WeChat: 133 1010 1103
[USN-4707-1] TCMU vulnerability
Ubuntu Security Notice USN-4707-1
January 28, 2021
tcmu vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
Summary:
tcmu could be made to crash if it received specially crafted
input.
Software Description:
- tcmu: TCM-Userspace backend
Details:
It was discovered that TCMU lacked a check for transport-layer restrictions,
allowing remote attackers to read or write files via directory traversal in
an XCOPY request.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libtcmu2 1.5.2-5ubuntu0.20.10.1
tcmu-runner 1.5.2-5ubuntu0.20.10.1
Ubuntu 20.04 LTS:
libtcmu2 1.5.2-5ubuntu0.20.04.1
tcmu-runner 1.5.2-5ubuntu0.20.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4707-1
CVE-2021-3139
Package Information:
https://launchpad.net/ubuntu/+source/tcmu/1.5.2-5ubuntu0.20.10.1
https://launchpad.net/ubuntu/+source/tcmu/1.5.2-5ubuntu0.20.04.1
[USN-4706-1] Ceph vulnerabilities
Ubuntu Security Notice USN-4706-1
January 28, 2021
ceph vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Ceph.
Software Description:
- ceph: distributed storage and file system
Details:
Olle Segerdahl found that the ceph-mon and ceph-mgr daemons did not properly
restrict access, allowing access to unauthorized resources. An authenticated
user could use this vulnerability to modify the configuration and possibly
conduct further attacks. (CVE-2020-10736)
Adam Mohammed found that Ceph Object Gateway was vulnerable to HTTP header
injection via a CORS ExposeHeader tag. An attacker could use this to gain access
or cause a crash. (CVE-2020-10753)
Ilya Dryomov found that Cephx authentication in Nautilus did not verify Ceph
clients correctly and was therefore vulnerable to replay attacks. An attacker
on the Ceph cluster network could capture authentication traffic with a
packet sniffer, replay it to authenticate, and perform actions. This issue is
a reintroduction of CVE-2018-1128. (CVE-2020-25660)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
ceph 15.2.7-0ubuntu0.20.10.3
ceph-base 15.2.7-0ubuntu0.20.10.3
ceph-common 15.2.7-0ubuntu0.20.10.3
Ubuntu 20.04 LTS:
ceph 15.2.7-0ubuntu0.20.04.2
ceph-base 15.2.7-0ubuntu0.20.04.2
ceph-common 15.2.7-0ubuntu0.20.04.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4706-1
CVE-2020-10736, CVE-2020-10753, CVE-2020-25660
Package Information:
https://launchpad.net/ubuntu/+source/ceph/15.2.7-0ubuntu0.20.10.3
https://launchpad.net/ubuntu/+source/ceph/15.2.7-0ubuntu0.20.04.2
[USN-4711-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-4711-1
January 28, 2021
linux-aws, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
Details:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)
Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1064-oracle 4.15.0-1064.71
linux-image-4.15.0-1078-raspi2 4.15.0-1078.83
linux-image-4.15.0-1084-kvm 4.15.0-1084.86
linux-image-4.15.0-1093-aws 4.15.0-1093.99
linux-image-4.15.0-1095-snapdragon 4.15.0-1095.104
linux-image-aws-lts-18.04 4.15.0.1093.96
linux-image-kvm 4.15.0.1084.80
linux-image-oracle-lts-18.04 4.15.0.1064.74
linux-image-raspi2 4.15.0.1078.75
linux-image-snapdragon 4.15.0.1095.98
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4711-1
CVE-2020-25704, CVE-2020-28374
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1093.99
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1084.86
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1064.71
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1078.83
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1095.104
[USN-4713-1] Linux kernel vulnerability
Ubuntu Security Notice USN-4713-1
January 28, 2021
linux-aws, linux-aws-5.4, linux-azure, linux-gcp, linux-kvm, linux-oracle,
linux-raspi vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
The system could allow unintended access to data in some environments.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi (V8) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
Details:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
linux-image-5.8.0-1013-raspi 5.8.0-1013.16
linux-image-5.8.0-1013-raspi-nolpae 5.8.0-1013.16
linux-image-5.8.0-1016-kvm 5.8.0-1016.18
linux-image-5.8.0-1018-oracle 5.8.0-1018.19
linux-image-5.8.0-1020-azure 5.8.0-1020.22
linux-image-5.8.0-1021-aws 5.8.0-1021.23
linux-image-aws 5.8.0.1021.23
linux-image-azure 5.8.0.1020.20
linux-image-kvm 5.8.0.1016.18
linux-image-oracle 5.8.0.1018.18
linux-image-raspi 5.8.0.1013.16
linux-image-raspi-nolpae 5.8.0.1013.16
Ubuntu 20.04 LTS:
linux-image-5.4.0-1032-kvm 5.4.0-1032.33
linux-image-5.4.0-1036-gcp 5.4.0-1036.39
linux-image-5.4.0-1037-aws 5.4.0-1037.39
linux-image-5.4.0-1037-oracle 5.4.0-1037.40
linux-image-5.4.0-1039-azure 5.4.0-1039.41
linux-image-aws 5.4.0.1037.38
linux-image-azure 5.4.0.1039.37
linux-image-gcp 5.4.0.1036.45
linux-image-kvm 5.4.0.1032.30
linux-image-oracle 5.4.0.1037.34
Ubuntu 18.04 LTS:
linux-image-5.4.0-1037-aws 5.4.0-1037.39~18.04.1
linux-image-aws 5.4.0.1037.21
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4713-1
CVE-2020-28374
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1021.23
https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1020.22
https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1016.18
https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1018.19
https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1013.16
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1037.39
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1039.41
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1036.39
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1032.33
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1037.40
https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1037.39~18.04.1
[USN-4712-1] Linux kernel regression
Ubuntu Security Notice USN-4712-1
January 28, 2021
linux regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
Summary:
USN-4576-1 introduced a regression in the Linux kernel.
Software Description:
- linux: Linux kernel
Details:
USN-4576-1 fixed a vulnerability in the overlay file system
implementation in the Linux kernel. Unfortunately, that fix introduced
a regression that could incorrectly deny access to overlay files in
some situations. This update fixes the problem.
We apologize for the inconvenience.
Original vulnerability details:
Giuseppe Scrivano discovered that the overlay file system in the Linux
kernel did not properly perform permission checks in some situations. A
local attacker could possibly use this to bypass intended restrictions and
gain read access to restricted files.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
linux-image-5.8.0-41-generic 5.8.0-41.46
linux-image-5.8.0-41-generic-64k 5.8.0-41.46
linux-image-5.8.0-41-generic-lpae 5.8.0-41.46
linux-image-5.8.0-41-lowlatency 5.8.0-41.46
linux-image-generic 5.8.0.41.45
linux-image-generic-64k 5.8.0.41.45
linux-image-generic-lpae 5.8.0.41.45
linux-image-lowlatency 5.8.0.41.45
linux-image-oem-20.04 5.8.0.41.45
linux-image-virtual 5.8.0.41.45
Ubuntu 20.04 LTS:
linux-image-5.4.0-65-generic 5.4.0-65.73
linux-image-5.4.0-65-generic-lpae 5.4.0-65.73
linux-image-5.4.0-65-lowlatency 5.4.0-65.73
linux-image-generic 5.4.0.65.68
linux-image-generic-lpae 5.4.0.65.68
linux-image-lowlatency 5.4.0.65.68
linux-image-oem 5.4.0.65.68
linux-image-oem-osp1 5.4.0.65.68
linux-image-virtual 5.4.0.65.68
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4712-1
https://bugs.launchpad.net/bugs/1900141, https://usn.ubuntu.com/usn/usn-4576-1
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.8.0-41.46
https://launchpad.net/ubuntu/+source/linux/5.4.0-65.73
[USN-4710-1] Linux kernel vulnerability
Ubuntu Security Notice USN-4710-1
January 28, 2021
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux: Linux kernel
Details:
Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-135-generic 4.15.0-135.139
linux-image-4.15.0-135-generic-lpae 4.15.0-135.139
linux-image-4.15.0-135-lowlatency 4.15.0-135.139
linux-image-generic 4.15.0.135.122
linux-image-generic-lpae 4.15.0.135.122
linux-image-lowlatency 4.15.0.135.122
linux-image-powerpc-e500mc 4.15.0.135.122
linux-image-powerpc-smp 4.15.0.135.122
linux-image-powerpc64-emb 4.15.0.135.122
linux-image-powerpc64-smp 4.15.0.135.122
linux-image-virtual 4.15.0.135.122
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4710-1
CVE-2020-25704
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-135.139
[USN-4709-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-4709-1
January 28, 2021
linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
Details:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19813,
CVE-2019-19816)
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1087-kvm 4.4.0-1087.96
linux-image-4.4.0-1145-raspi2 4.4.0-1145.155
linux-image-4.4.0-1149-snapdragon 4.4.0-1149.159
linux-image-kvm 4.4.0.1087.85
linux-image-raspi2 4.4.0.1145.145
linux-image-snapdragon 4.4.0.1149.141
Ubuntu 14.04 ESM:
linux-image-4.4.0-1085-aws 4.4.0-1085.89
linux-image-aws 4.4.0.1085.82
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4709-1
CVE-2018-13093, CVE-2019-19813, CVE-2019-19816, CVE-2020-25669,
CVE-2020-28374
Package Information:
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1087.96
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1145.155
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1149.159
[USN-4708-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-4708-1
January 28, 2021
linux, linux-lts-xenial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19813,
CVE-2019-19816)
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
Daniel Axtens discovered that PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-201-generic 4.4.0-201.233
linux-image-4.4.0-201-generic-lpae 4.4.0-201.233
linux-image-4.4.0-201-lowlatency 4.4.0-201.233
linux-image-4.4.0-201-powerpc-e500mc 4.4.0-201.233
linux-image-4.4.0-201-powerpc-smp 4.4.0-201.233
linux-image-4.4.0-201-powerpc64-emb 4.4.0-201.233
linux-image-4.4.0-201-powerpc64-smp 4.4.0-201.233
linux-image-generic 4.4.0.201.207
linux-image-generic-lpae 4.4.0.201.207
linux-image-lowlatency 4.4.0.201.207
linux-image-powerpc-e500mc 4.4.0.201.207
linux-image-powerpc-smp 4.4.0.201.207
linux-image-powerpc64-emb 4.4.0.201.207
linux-image-powerpc64-smp 4.4.0.201.207
linux-image-virtual 4.4.0.201.207
Ubuntu 14.04 ESM:
linux-image-4.4.0-201-generic 4.4.0-201.233~14.04.1
linux-image-4.4.0-201-generic-lpae 4.4.0-201.233~14.04.1
linux-image-4.4.0-201-lowlatency 4.4.0-201.233~14.04.1
linux-image-4.4.0-201-powerpc-e500mc 4.4.0-201.233~14.04.1
linux-image-4.4.0-201-powerpc-smp 4.4.0-201.233~14.04.1
linux-image-4.4.0-201-powerpc64-emb 4.4.0-201.233~14.04.1
linux-image-4.4.0-201-powerpc64-smp 4.4.0-201.233~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.201.176
linux-image-generic-lts-xenial 4.4.0.201.176
linux-image-lowlatency-lts-xenial 4.4.0.201.176
linux-image-powerpc-e500mc-lts-xenial 4.4.0.201.176
linux-image-powerpc-smp-lts-xenial 4.4.0.201.176
linux-image-powerpc64-emb-lts-xenial 4.4.0.201.176
linux-image-powerpc64-smp-lts-xenial 4.4.0.201.176
linux-image-virtual-lts-xenial 4.4.0.201.176
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4708-1
CVE-2018-13093, CVE-2019-19813, CVE-2019-19816, CVE-2020-25669,
CVE-2020-27777
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-201.233
Wednesday, January 27, 2021
Another delay in the master->main src.fedoraproject.org changes
pushed our changes for src.fedoraproject.org out another week. That was
going to be today.
https://fedoraproject.org/wiki/Changes/GitRepos-master-to-main
Unfortunately, the mass rebuild is still submitting changes and we
aren't fully ready yet anyhow, so we are going to move the change out
another week, to 2021-02-02.
We will send an announcement when we start the changes.
Thanks for everyone's continued patience.
kevin
[USN-4705-2] Sudo vulnerability
Ubuntu Security Notice USN-4705-2
January 27, 2021
sudo vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Sudo.
Software Description:
- sudo: Provide limited super user privileges to specific users
Details:
USN-4705-1 fixed a vulnerability in Sudo. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that Sudo incorrectly handled memory when parsing command
lines. A local attacker could possibly use this issue to obtain unintended
access to the administrator account. (CVE-2021-3156)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
sudo 1.8.9p5-1ubuntu1.5+esm6
Ubuntu 12.04 ESM:
sudo 1.8.3p1-1ubuntu3.10
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4705-2
https://usn.ubuntu.com/4705-1
CVE-2021-3156
List of long term FTBFS packages to be retired in a week
Based on the current fail to build from source policy, the following packages
will be retired from Fedora 34 approximately one week before branching (= 1 week
from now).
Policy:
https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
Note that some listed packages are orphaned and hence may be retired even sooner.
The packages in rawhide were not successfully built at least since Fedora 32.
This report is based on dist tags.
Packages collected via:
https://github.com/hroncok/fedora-report-ftbfs-retirements/blob/master/ftbfs-retirements.ipynb
If you see a package that was built, please let me know.
If you see a package that should be exempted from the process, please let me
know and we can work together to get a FESCo approval for that.
If you see a package that can be rebuilt, please do so.
Package             (co)maintainers                                Latest build
=============================================================================
boo                 elsupergomez, orphan, tpokorra                 Fedora 31
sugar-flipsticks    callkalpa, chimosky, pbrobinson, tuxbrewr      Fedora 31
sugar-getiabooks    callkalpa, chimosky, pbrobinson, tuxbrewr      Fedora 31
sugar-infoslicer    callkalpa, chimosky, pbrobinson, tuxbrewr      Fedora 31
sugar-ruler         callkalpa, chimosky                            Fedora 31
sugar-starchart     callkalpa, chimosky, orphan                    Fedora 31
sugar-view-slides   callkalpa, chimosky, pbrobinson, tuxbrewr      Fedora 31
No packages require the above mentioned packages.
Affected (co)maintainers
callkalpa: sugar-ruler, sugar-infoslicer, sugar-starchart, sugar-getiabooks,
sugar-view-slides, sugar-flipsticks
chimosky: sugar-ruler, sugar-infoslicer, sugar-starchart, sugar-getiabooks,
sugar-view-slides, sugar-flipsticks
elsupergomez: boo
pbrobinson: sugar-view-slides, sugar-getiabooks, sugar-flipsticks, sugar-infoslicer
tpokorra: boo
tuxbrewr: sugar-view-slides, sugar-getiabooks, sugar-flipsticks, sugar-infoslicer
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org