Displaying 20 results from an estimated 1000 matches similar to: "@BSDcon: FreeBSD Security Officer BoF"
2003 Jul 14
0
Security Officer-supported branches update
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been
updated to reflect recent releases and EoL (end-of-life) events. The
new list is below (and should appear at
<URL: http://www.freebsd.org/security/ > soon).
In particular, FreeBSD 4.6 and FreeBSD 5.0 have `expired'. If you wish
to be certain to get critical bug fixes, it is recommended that you
upgrade
2004 Jan 09
0
Security Officer-supported branches update
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been
updated to reflect recent EoL (end-of-life) events. The new list is
below (and should appear at <URL: http://www.freebsd.org/security/ >
soon). FreeBSD 4.7 has `expired', but I have extended the EoL date
for FreeBSD 5.1.
If you are running FreeBSD 4.7 or older and you wish to be certain to
get critical
2003 Nov 26
0
HEADS-UP: BIND denial-of-service vulnerability
Hello Everyone,
ISC has released new versions of BIND 8 which address a remotely
exploitable denial-of-service vulnerability that may allow an attacker
to perform `negative cache poisoning'--- convincing a name server that
certain RRs do not exist (even though they may). I do not know of any
workaround at this time.
I have committed fixes to the RELENG_5_1 and RELENG_4_9 security
branches.
2004 Dec 31
0
Security Officer-supported branches update
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been
updated to reflect recent EoL (end-of-life) events. The new list is
below and at <URL: http://www.freebsd.org/security/ >. FreeBSD 5.2.1
has `expired' and is no longer supported effective January 1, 2005.
Also note that FreeBSD 4.9 ceased to be supported on November 1, 2004,
while FreeBSD 4.8 will
2003 Sep 30
1
OpenSSL heads-up
Hello Everyone,
You may have seen the recent announcement regarding new OpenSSL
vulnerabilities. <URL: http://www.openssl.org/news/secadv_20030930.txt >
Just thought I'd drop a line to head off the usual questions. :-)
Don't panic. The vulnerability is denial-of-service.
OpenSSL 0.9.7c will be imported into -CURRENT and -STABLE over the
next couple of days, and included
2003 Mar 29
0
HEADS UP: new sendmail issue
Hello,
Expect to see commits to all branches today, and a FreeBSD advisory
following sometime today or tomorrow.
<URL: http://www.cert.org/advisories/CA-2003-12.html >
<URL: http://www.sendmail.org/8.12.9.html >
Cheers,
--
Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
2003 Aug 25
0
NOTE regarding sendmail DNS map issue
You may or may not have already seen:
<URL: http://www.sendmail.org/dnsmap1.html>
I thought I'd drop an explanatory note here until I publish an
advisory. This problem has been known for some time (it was first
reported in FreeBSD PR#54367). The default configuration of
sendmail is unaffected, and it is unknown whether the issue is truly
exploitable by any means. Nonetheless, I
2004 Apr 03
1
Security branch lifetime changes
Hi Folks,
I have extended the lifetime of the RELENG_4_8 security branch, and of
security branches in general:
----- Forwarded message from Jacques Vidrine <nectar@FreeBSD.org> -----
Date: Sat, 3 Apr 2004 07:23:54 -0800 (PST)
From: Jacques Vidrine <nectar@FreeBSD.org>
To: doc-committers@FreeBSD.org, cvs-doc@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit:
2003 Oct 02
3
HEADS UP: upcoming security advisories
Hello Folks,
Just a status on upcoming advisories.
FreeBSD-SA-03:15.openssh
This is in final review and should be released today. Fixes
for this issue entered the tree on September 24. I apologize
for the delay in getting this one out.
FreeBSD-SA-03:16.filedesc
A reference counting bug was discovered that could lead to
kernel memory disclosure or a system panic.
2003 Sep 17
3
Sendmail vulnerability
You've probably already seen the latest sendmail vulnerability.
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
I believe you can apply the following patch to any of the security
branches:
http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
Download the patch and:
# cd /usr/src
# patch -p1 < /path/to/patch
#
2003 Sep 17
3
Sendmail vulnerability
You've probably already seen the latest sendmail vulnerability.
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
I believe you can apply the following patch to any of the security
branches:
http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
Download the patch and:
# cd /usr/src
# patch -p1 < /path/to/patch
#
2005 Feb 22
0
VuXML.org improvements
Hello Everyone,
I have made a few small changes to the VuXML.org web sites,
http://www.vuxml.org/freebsd/ (aka vuxml.freebsd.org)
and http://www.vuxml.org/openbsd/
- Date-oriented indices (e.g. entry date index) visually group entries
from the same date.
- The package name index is more useful, listing individual package names.
- Each package referenced in VuXML now has its own index
2005 May 23
1
TCP timestamp vulnerability
On May 19, 2005, at 5:53 AM, Christian Brueffer wrote:
> Hi,
>
> fixes for the vulnerability described in http://www.kb.cert.org/
> vuls/id/637934
> were checked in to CURRENT and RELENG_5 by ps in April.
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c
>
> Revisions 1.270 and 1.252.2.16
>
> He didn't commit it to RELENG_5_4 for some
2004 Aug 17
1
remotely exploitable vulnerability in lukemftpd / tnftpd
Hi Everyone,
http://vuxml.freebsd.org/c4b025bb-f05d-11d8-9837-000c41e2cdad.html
A critical vulnerability was found in lukemftpd, which shipped with some
FreeBSD versions (4.7 and later). However, with the exception of
FreeBSD 4.7, lukemftpd was not built and installed by default. So,
unless you are running FreeBSD 4.7-RELEASE or specified WANT_LUKEMFTP
when building FreeBSD from source, you
2003 Aug 12
0
Fw: Certification (was RE: realpath(3) et al)
That /. shit is indeed VERY annoying :( (FreeBSD dead WTF!!)
But if I have to convince a customer why to choose for FreeBSD, I always use
Yahoo! as an example. They got some ridiculous traffic and that site is
ultra fast.
They always buy that :D
So for now i dont need an audit
>
>
> ----- Original Message -----
> From: "Devon H. O'Dell" <dodell@sitetronics.com>
2004 Apr 07
0
Note to Racoon users (IKE/ISAKMP daemon)
As was accidently posted here earlier by Ralf :-), you should be aware
of this issue:
http://vuxml.freebsd.org/d8769838-8814-11d8-90d1-0020ed76ef5a.html
racoon fails to verify signature during Phase 1
Affected packages
racoon < 20040407b
Details
VuXML ID d8769838-8814-11d8-90d1-0020ed76ef5a
Discovery 2004-04-05
Entry 2004-04-07
Ralf Spenneberg discovered a serious
2004 Apr 15
0
Testing redirection of security@FreeBSD.org
postmaster@ reports that <security@FreeBSD.org> is now an alias for
the secteam list.
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
2004 Apr 19
0
VuXML and FreeBSD
Hello All,
I'd like to bring to your attention the Vulnerabilities and eXposures
Markup Language (VuXML) and associated resources.
VuXML is a markup language designed for the documentation of security
issues within a single package collection. Since about February
of this year, we have been diligently documenting vulnerabilities
in FreeBSD and the FreeBSD Ports Collection using VuXML. The
2004 Apr 07
5
Changing `security@freebsd.org' alias
Hello Folks,
The official email address for this list is
`freebsd-security@freebsd.org'. Due to convention, there is an email
alias for this list: security@freebsd.org, just as there is for
hackers@ & freebsd-hackers@, arch@ & freebsd-arch@, and so on.
The security@freebsd.org alias has been the source of occassional
problems. Several times in the past, postings have been made to
2003 Sep 16
9
OpenSSH heads-up
OK, an official OpenSSH advisory was released, see here:
<URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html >
The fix is currently in FreeBSD -CURRENT and -STABLE. It will be
applied to the security branches as well today. Attached are patches:
buffer46.patch -- For FreeBSD 4.6-RELEASE and later
buffer45.patch -- For FreeBSD 4.5-RELEASE and