similar to: Recent vulnerabilities in xorg-server

Good day. Just spotted the new advisory from CORE: http://www.securityfocus.com/archive/1/462728/30/0/threaded Not an expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very simular code. Robert, anyone, could you please check? Thank you. -- Eygene

I've used that patch to close the hole. This patch is temporary and doesn't fix real trouble maker - problem in new version in getenv() (after 6.3 it got changed to something monstrous and non-working right if environment has only one variable), hope it will get fixed soon. *** rtld.c.orig Tue Dec 1 16:55:13 2009 --- rtld.c Tue Dec 1 16:55:55 2009 *************** *** 357,374 ****

Hi, Does FASTIPSec in FreeBSD use OCF framework ? Where can I find more documentation ? I wish to run cryptographic algorithms after setting a VPN. What command should I use to run a particular crytographic algorithm (e.g. 3DES etc.) Where can I find all such information ? -- Regards, Bubble

Good day. Fri, Feb 29, 2008 at 04:39:03PM -0000, sipherr@gmail.com wrote: > I just tested this on FreeBSD 6.3. This bug was discovered on NetBSD. It also works on OpenBSD (unconfirmed on 4.2) > > Steps to reproduce: > > 1. Run ppp > > 2. type the following (or atleat some variation of) > >

This note is essentially a request for a reality check. I use IPFW & natd on the box that provides the interface between my home networks and the Internet; the connection is (static) residential DSL. I configured IPFW to accept & log all SSH "setup" requests, and use natd to forward such requests to an internal machine that only accepts public key authentication; that

Hi, I am just new to the FreeBSD system and look forward to take active part in contributing. Can someone please guide where can I find OCF source code in FreeBSD and also is there IKE implementation and OpenSWAN ? Regards, Raja

subj [ODiP] == Dmitry Grigorovich

Hello, If an ordinary user runs: -- snip -- cat > starv.c <<EOF main(){ char *point; while(1) { point = ( char * ) malloc(10000); }} EOF cc starv.c while true do ./a.out & done -- snip -- This will fast starv the operating system (FreeBSD 6.2). I have tried to limit the number of processes and the amount of memmory consumed (in login.conf). There is also a file /etc/malloc.conf

Hi everyone, Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ . should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? : " MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been made that its security is in some doubt. The attacks on MD5 are in the

I'm not really a developer, but was considering if there is a key vulnerability in geli given that when you change a key there isn't a disk update. Consider the scenario where a new file system is created and populated with some files. At a later time the original key is changed because someone has gained access to the key and passphrase. A new key is generated and attached, but none of

I'm running Ubuntu 9.04. I could use some advice about fonts in postscript devices. > sessionInfo() R version 2.9.0 (2009-04-17) i486-pc-linux-gnu locale: LC_CTYPE=en_US.UTF-8;LC_NUMERIC=C;LC_TIME=en_US.UTF-8;LC_COLLATE=en_US.UTF-8;LC_MONETARY=C;LC_MESSAGES=en_US.UTF-8;LC_PAPER=en_US.UTF-8;LC_NAME=C;LC_ADDRESS=C;LC_TELEPHONE=C;LC_MEASUREMENT=en_US.UTF-8;LC_IDENTIFICATION=C attached base

Jacques A. Vidrine wrote: > On Mon, Mar 29, 2004 at 08:14:29PM +0200, Oliver Eikemeier wrote: > >>Jacques A. Vidrine wrote: >> >>>On Sun, Mar 28, 2004 at 03:44:06PM -0800, Oliver Eikemeier wrote: >>> >>>>eik 2004/03/28 15:44:06 PST >>>> >>>>FreeBSD ports repository >>>> >>>>Modified files:

Hi! cc'd to freebsd-security@ as somebody there may correct me, cc'd to secteam@ as maintaner of security/portaudit. On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote: > I've just updated my acroread port to 7.0.1 & was surprised when portaudit > still listed it as a vulnerability. I think it is portaudit problem. > According to

Why wasn't there a FreeBSD security alert for Kerberos 5? Does FreeBSD use the MIT implementation? I got an email from CERT about this. See the attached message below. -- Daniel Rudy >From - Sat Sep 04 03:22:15 2004 X-UIDL: a8f31551eb03ca144862bddc8ccce266 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Apparently-To: dcrudy@pacbell.net via 206.190.37.79; Fri, 03 Sep 2004

Hi all! I found this today on FD: http://seclists.org/fulldisclosure/2012/Aug/4

Hi, FYI, Red Hat released an advisory today about a vulnerability in Ruby. So far it doesn't appear in the VuXML, but am I correct in presuming it will soon? https://rhn.redhat.com/errata/RHSA-2006-0604.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694 cheers, -- Joel Hatton -- Infrastructure Manager | Hotline: +61 7 3365 4417 AusCERT - Australia's national

Hi, On 8/10/06, Mark Bucciarelli <mark@gaiahost.coop> wrote: > > > There's a scary security alert from yesterday out and no port > update so I judged it to be isp-related. I looked for > ports-security list but didn't see one. > > You know, that might be a very good ideea -- e.g. have a security team and list for ports as we have one for the base distribution.

Dear all, I am sending a patch for extending pdf device to embed popup text and web links. I implemented this feature by using annotation object, a interactive feature of pdf. You can see a sample code for using this feature in the following, and sample pdf is in

Any reason why portaudit and its associated infrastructure was not announced to this list or security-notifications? I recently discovered it, and discovered the feature was added to bsd.port.mk in the beginning of feburary. Seeing as the security officer apparently (without announcement) no longer issues security notices (SNs) for ports, I am assuming that portaudit has replaced SNs entirely,

Hi! We are pleased to release Dovecot v2.3.6. Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting. *