From nobody Fri Nov 29 09:05:38 2024 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Y06hC5c8yz5dqs8 for ; Fri, 29 Nov 2024 09:04:59 +0000 (UTC) (envelope-from josc@cloudzeeland.nl) Received: from filter09.spamservice.nl (filter09.spamservice.nl [IPv6:2001:1460:3:0:1c00:6fff:fe00:cb1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "*.spamservice.nl", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Y06hB37wlz547H for ; Fri, 29 Nov 2024 09:04:58 +0000 (UTC) (envelope-from josc@cloudzeeland.nl) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=2is.nl header.s=192-174-1620656322 header.b=DL7uGL5g; spf=pass (mx1.freebsd.org: domain of josc@cloudzeeland.nl designates 2001:1460:3:0:1c00:6fff:fe00:cb1 as permitted sender) smtp.mailfrom=josc@cloudzeeland.nl; dmarc=pass (policy=none) header.from=cloudzeeland.nl DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=2is.nl; s=192-174-1620656322; h=Subject:From:To:MIME-Version:Date:Message-ID: Content-Type:reply-to:sender:cc:bcc:in-reply-to:references: content-transfer-encoding; bh=DoBPbNuc1kcSRL1FKnk76F96pJTi7xiwoUBNiq4VyRo=; b=DL7uGL5g+yz4r20GT/SH2okYffVhX4w1Ivy5tbFO78Lmo3pMmRT5VwYvbvXbYcRe5ZXVzDxnct yv0AqasXgRoUO7t7g8syYM8RGw6v7wIY++RNgOVrYNvKFgYZ3ki8sRqh4DvK3ntnF4N+djq/xHhUo dHcnhOYk9DlQBEpTxF1YTXBn9S18BJPgqnjthIaArtwLMOw8bgj8eNq8T39lowzh8EeOSUHkBO9eA SpJLQ4gd1SzGHHkukYJZFGVXQY99+Auo6ed8SL8qHVVt1OwkE5JXTvfXatrRR7/kUltf9Ewrdiy7T BIJVnpTATb+A1mGSYyvejWzfzYu/ZoDRWd7fg==; Received: from v38098.2is.nl ([62.221.192.174]) by filter09.spamservice.nl with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tGwvi-001wwn-9i for freebsd-questions@freebsd.org; Fri, 29 Nov 2024 10:04:51 +0100 Received: from [10.10.10.40] (terra.devrijegeest.nl [188.213.94.112]) by v38098.2is.nl (Postfix) with ESMTPSA id 74F86234 for ; Fri, 29 Nov 2024 10:04:48 +0100 (CET) Content-Type: multipart/alternative; boundary="------------JohFCCGD2CCbqPrI050NwfXu" Message-ID: Date: Fri, 29 Nov 2024 10:05:38 +0100 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: nl To: FreeBSD Mailing List From: Jos Chrispijn Subject: FreeBSD-kernel-13.4_1 is vulnerable Organization: -- With both feed on the ground you cannot make any step formward X-Originating-IP: 62.221.192.174 X-SpamExperts-Domain: 2is.nl X-SpamExperts-Username: 62.221.192.174 X-SpamExperts-Outgoing-Class: ham X-SpamExperts-Outgoing-Evidence: Combined (0.07) X-Recommended-Action: accept X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT/ky49kVFsn+m5mIGE0ad6nPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5zBwzYOyw3TMVcHXgRum+xE5RmX5Wddz27geQcwtt3ZFCo/ xMM0hxORRmMMI7DUTwi1LzezWA+wZ/w+NRrZ/Pxb5g+sHZmT3CLVmxntdIVybVbCLlo7Sf9Yt4B6 10NB0tfiRcBfFvQv8oJwpDFinSDDMA6xdMQIKabf2Kvs4ECO/NqmkuIeHhUeRgeVXIf3w3eDwIE7 VKe+bqpcdCns72R17/6Yx/GGKjlpiSb/QkYFcQ27/YQuRj0C/QIjwc+Hmw3BPeWxfLTyo52lpUOn 40xHoOAmb0xgXrrQKITtclJwwjxIPj1UU4msT2Odp9D6f/Om/kpOWQV1ILff1+qZar/CZdONW7YG NNLfGcEBhKT67ufoh27LIOwZIOl5GUtkQLHOCnIebcbgh+F1pa+peoEni2+ZrpvcQF0mktyij7U2 V1mYqffhoXnZj6JC/A974b06g1OJsvkLSv9FZwWCwNMxdzsmm+BTWl2Rx+kvN6TH9H9b+PymYhan 2PPeWq0WbaTDeo2F/515C8kJ0QodJwfrmFGs5lmow6gOzU/CbOds0gEiRQv+PVjjwa+Z5RFCOMQh BPtar/N9jOl3N+JwNPqlgneYl2CbmQ1c/RYOiDQqnt21ekxMEmLoGvA48MOr3O/PzhJQpg6vShRQ eNoRMtB/9csNn/xaXoJTnIU0cdBhWqdM2kmVq603aW6BgyLXzkXGlu2MO8Dz7dyTwUrefxm8ZB/+ YB31LKjh2ixrMjbrxwT4qqjxu+j1FsUOYdCz+Vcd6bBWWD1fHpyuq95cKVjrPAlbDjazCbhs7qBp ykynMqtSGP1zIAlUt/iUF++jwLHcTNTZTn5qT5PB2rpJ7u7Uz/V82I+AFzKiBZTOosCJpfUrVUYA LPrUft9gXHuDK7/3dXwmeUTPq63btlCFySPphM6no0iOK1sNkeZzta2rW1TYM9PfL1ek2Esa7b+p r/pTyFzt1T2qaSm/0D+LI9aF9jihx+Za/cV70jOJzN2r4A== X-Report-Abuse-To: spam@filter6.spamservice.nl X-Spamd-Result: default: False [-2.99 / 15.00]; URI_COUNT_ODD(1.00)[5]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; DMARC_POLICY_ALLOW(-0.50)[cloudzeeland.nl,none]; R_DKIM_ALLOW(-0.20)[2is.nl:s=192-174-1620656322]; R_SPF_ALLOW(-0.20)[+ip6:2001:1460::/32]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; XM_UA_NO_VERSION(0.01)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_ALL(0.00)[]; HAS_ORG_HEADER(0.00)[]; RCVD_TLS_ALL(0.00)[]; ASN(0.00)[asn:48635, ipnet:2001:1460::/32, country:NL]; MIME_TRACE(0.00)[0:+,1:+,2:~]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[2is.nl:+]; HAS_XOIP(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[] X-Rspamd-Queue-Id: 4Y06hB37wlz547H X-Spamd-Bar: -- This is a multi-part message in MIME format. --------------JohFCCGD2CCbqPrI050NwfXu Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Not sure if I oversee an update, but still get this message Checking for security vulnerabilities in base (userland & kernel): Database fetched: 2024-11-27T23:30+01:00 FreeBSD-kernel-13.4_1 is vulnerable: FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer CVE: CVE-2024-39281 WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html Understand that for FreeBSD 14 this issue has been solved. Can you tell me when a fix will be released for 13.4? Thanks, Jos --------------JohFCCGD2CCbqPrI050NwfXu Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit Not sure if I oversee an update, but still get this message

Checking for security vulnerabilities in base (userland & kernel):
Database fetched: 2024-11-27T23:30+01:00
FreeBSD-kernel-13.4_1 is vulnerable:
  FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
  CVE: CVE-2024-39281
  WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html

Understand that for FreeBSD 14 this issue has been solved.
Can you tell me when a fix will be released for 13.4?

Thanks,
Jos

--------------JohFCCGD2CCbqPrI050NwfXu--