similar to: sendmail patches

freebsd-security-request@freebsd.org wrote: > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freebsd.org/mailman/listinfo/freebsd-security > or, via email, send a message with subject or body 'help' to > freebsd-security-request@freebsd.org > > You

Well, I *tried* to CC: freebsd-security... I'm forwarding this to get around the "posting from wrong address" filter. -------- Original Message -------- Subject: Re: FW:FreeBSD hiding security stuff Date: Fri, 04 Mar 2005 04:42:48 -0800 From: Colin Percival <cperciva@freebsd.org> To: Jonathan Weiss <tomonage2@gmx.de> CC: freebsd-security@freebsd.org, FreeBSD-Hackers

The mailing list detained my email because I posted from the wrong address... hoepfully it will get through this time. -------- Original Message -------- Subject: Re: Fwd: FreeBSD hiding security stuff Date: Fri, 04 Mar 2005 05:35:32 -0800 From: Colin Percival <cperciva@freebsd.org> To: Devon H. O'Dell <dodell@sitetronics.com> CC: mike@sentex.net, freebsd-security@freebsd.org,

The FreeBSD Security Officer would normally be sending out this email, but he's a bit busy right now and it is clear from reactions to FreeBSD Security Advisory FreeBSD-SA-04:04.tcp that many people are unaware of the current status of the RELENG_5_1 branch, so I'm going to send out this reminder myself. The branches supported by the FreeBSD Security Officer have been updated to reflect

Bill Moran wrote: > This report seems pretty vague. I'm unsure as to whether the alleged > "bug" gives the user any more permissions than he'd already have? Anyone > know any details? This is a local denial of service bug, which was fixed 6 weeks ago in HEAD and RELENG_6. There is no opportunity for either remote denial of service or any privilege escalation. >

> Date: Sat, 29 Oct 2005 07:34:28 -0700 > From: Colin Percival <cperciva@freebsd.org> > Subject: Re: Is the server portion of freebsd-update open source? > To: markzero <mark@darklogik.org> > Cc: freebsd-security@freebsd.org > Message-ID: <43638874.2020004@freebsd.org> > Content-Type: text/plain; charset=ISO-8859-1 > > markzero wrote: > > No this

Bill Moran wrote: > Can anyone define "exceptionally large" as noted in this statement?: > > "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by > prohibiting the use of exceptionally large public keys. It is believed > that no existing applications legitimately use such key lengths as would > be affected by this change." > > It

Am 24.04.2006 um 23:17 schrieb Colin Percival: > cperciva 2006-04-24 21:17:02 UTC > > FreeBSD src repository > > Modified files: > sys/amd64/amd64 mp_machdep.c > sys/i386/i386 mp_machdep.c > Log: > Adjust dangerous-shared-cache-detection logic from "all shared data > caches are dangerous" to "a shared L1 data cache is

Dear FreeBSD users, Slightly more than three years ago, I released FreeBSD Update, my first major contribution to FreeBSD. Since then, I have become a FreeBSD committer, joined the FreeBSD Security Team, released Portsnap, and become the FreeBSD Security Officer. However, as I have gone from being a graduate student at Oxford University -- busy writing my thesis -- to a researcher at Simon

Hi all, There are rumours flying around about a supposed vulnerability in OpenSSH. Two details which I've seen mentioned many times are (a) that this exploit was used to break into a RedHat system running OpenSSH 4.3 plus backported security patches, and (b) that "recent" versions of OpenSSH are not affected; but it's not clear if there is any basis for these rumours. Given

Hi guys, Does anybody know if freebsd-update is going to be available for 6.1-RELEASE before the end of Colin's "summer of FreeBSD work"? I wouldn't like to bother Colin directly via e-mail, so if anyone already asked for this or something.... Thanx, regards -- Pietro Cerutti <pietro.cerutti@gmail.com>

Hello Everyone! It has been my pleasure and privilege to serve as the FreeBSD Security Officer for the past 3+ years. With the crucial support of the FreeBSD Security Team members, a lot has been accomplished: hundreds of security issues have been researched and tracked, with some resulting in security advisories and patches; software in the Ports Collection are updated more quickly

Dear FreeBSD users, On April 4th, I thought that I had reached my donations target for funding my summer of FreeBSD security development, and asked people to stop sending further donations. Sadly, it seems that this assessment was premature, as it relied upon two large pledges, and it now appears that one of them will not be arriving. Fortunately, Pair Networks -- the other large donor -- has

Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect recent EoL (end-of-life) events. The new list is below (and should appear at <URL: http://www.freebsd.org/security/ > soon). FreeBSD 4.7 has `expired', but I have extended the EoL date for FreeBSD 5.1. If you are running FreeBSD 4.7 or older and you wish to be certain to get critical

Is there any reason why releases have EoL dates after only 12 months? While it's clear that some sort of EoL is important, I can't think of any security advisories recently which weren't accompanied by patches for all the security branches, even those which are no longer officially supported. Colin Percival

Here's another project for us. We'll want to upgrade to 6.3-RELEASE in May. On Wed, Apr 2, 2008 at 7:00 AM, <freebsd-security-request@freebsd.org> wrote: > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit >

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 6.3. The new list is below and at <URL: http://security.freebsd.org/ >. Users of FreeBSD 6.3 are advised to upgrade promptly to a newer release, either by downloading an updated source tree and building updates

It sounds like the SMP kernel I provided for FreeBSD 5.3 was quite popular, so I've started building an SMP kernel for FreeBSD 5.4 as well, in addition to the usual GENERIC kernel. To take advantage of this on your FreeBSD 5.4 SMP system, run the following commands as root: # touch /boot/kernel/SMP # freebsd-update fetch # freebsd-update install # echo 'bootfile="SMP"'

At the end of March, the RELENG_4_8 (sometimes called 4.8-SECURITY) branch will reach its designated End of Life and cease to be supported by the FreeBSD Security Team. Released in April 2003, FreeBSD 4.8 was the first release designated for "extended" two-year security support instead of the normal one-year support. Over this time, 27 security advisories have been issued which have

Hello Everyone, In light of the longer-than-expected window between 6.2-RELEASE and 6.2-RELEASE, the End-of-Life date for FreeBSD 6.2 has been adjusted from January 31st, 2008 to May 31st, 2008. As a result, FreeBSD 5.5, FreeBSD 6.1, and FreeBSD 6.2 will all cease to be supported at the end of May 2008. FreeBSD users should plan on upgrading to either FreeBSD 6.3 or FreeBSD 7.0 once those have