similar to: EoL dates

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:18.openssl Security Advisory The FreeBSD Project Topic: OpenSSL vulnerabilities in ASN.1 parsing Category: crypto Module: openssl Announced:

In regards to FreeBSD-SA-03:05.xdr, does anyone know which static binaries or tools under /bin or /sbin actually use that problem code? The recent XDR fixes the xdrmem_getlong_aligned(), xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(), xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes() functions, but it is difficult to know what uses these (going backwards manually).

Hello Folks, Just a status on upcoming advisories. FreeBSD-SA-03:15.openssh This is in final review and should be released today. Fixes for this issue entered the tree on September 24. I apologize for the delay in getting this one out. FreeBSD-SA-03:16.filedesc A reference counting bug was discovered that could lead to kernel memory disclosure or a system panic.

There's been an ongoing discussion (started by Colin Percival's recent work on nologin) about environment-poisoning attacks via "login -p". I thought I saw a way to address this, but the more I learn, the uglier this looks. Maybe some of the good folks who read freebsd-security can puzzle this one out: Problem: login -p can be used to propagate environment flags in order to

Hi all. This might seem really naive, but can mtree be used effectively as a native-to-core-OS tripwire equivalent? Would it be as efficient in terms of time-to-run and resource requirements? What sort of pitfalls should I be aware of? Has anyone here done this? If so, would you care to share your scripts/techniques? Thanks, Dave -- ______________________

This affects only 3.7p1 and 3.7.1p1. The advice to leave PAM disabled is far from heartening, nor is the semi-lame blaming the PAM spec for implementation bugs. I happen to like OPIE for remote access. Subject: Portable OpenSSH Security Advisory: sshpam.adv This document can be found at: http://www.openssh.com/txt/sshpam.adv 1. Versions affected: Portable OpenSSH versions 3.7p1

I hope this isn't too off topic, but I'd like a quick solution to a problem. I have a small network behind a NAT firewall (FreeBSD of course) and I'd like to block/redirect all traffic from the internal network to the local mail server (same box as firewall) in order to prevent direct smtp requests to the outside world (mainly virus/trokan programs). I think I have it right in this

I seem to remember seeing somewhere (on this list/on the web -- don't remember) that there was some ``Snort-like'' software that was available under the BSD license. Unfortunately, I'm unable to find any information about such software. Was I dreaming, or can anybody else jog my memory? :) Kind regards, Devon H. O'Dell

Hello, Some time ago I wrote PR conf/48170, which discussed the following problem: Syslog messages of facility LOG_AUTHPRIV and priority LOG_NOTICE (or higher) are sent by default to the world-readable log file /var/log/messages. That seems unacceptable since the facility LOG_AUTHPRIV is for hiding sensitive log messages inside a protected file, e.g., /var/log/auth.log. For example, login(1)

I'm curious about the estimated EoL date on 6.2-RELEASE. Current estimate is listed as Jan 31 2008. That's just about 5 months away now. Suggestions for those who are about to be EoL'ed? Thanks.

In http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 it seems RELENG_4 is vulnerable. Is there any work around to a system that has to have ports open ? Version: 1 2/18/2004@03:47:29 GMT >Initial report > <<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650; >ID#207650: >FreeBSD Memory Buffer

Hello everybody, I'm a newbie in this list, so I don't know if it's the appropriate place for my question. Anyway, I'd be happy to find out the solution. Please, has anyone simple answer for: I'm looking for an exact list of files, which: 1. MUST have... 2. HAVE FROM BSD INSTALLATION... 3. DO NOT NEED... 4. NEVER MAY... ...the suid-bit set. Of course, it's no problem to

Hello Everyone, In light of the longer-than-expected window between 6.2-RELEASE and 6.2-RELEASE, the End-of-Life date for FreeBSD 6.2 has been adjusted from January 31st, 2008 to May 31st, 2008. As a result, FreeBSD 5.5, FreeBSD 6.1, and FreeBSD 6.2 will all cease to be supported at the end of May 2008. FreeBSD users should plan on upgrading to either FreeBSD 6.3 or FreeBSD 7.0 once those have

Hello Everyone, In light of the longer-than-expected window between 6.2-RELEASE and 6.2-RELEASE, the End-of-Life date for FreeBSD 6.2 has been adjusted from January 31st, 2008 to May 31st, 2008. As a result, FreeBSD 5.5, FreeBSD 6.1, and FreeBSD 6.2 will all cease to be supported at the end of May 2008. FreeBSD users should plan on upgrading to either FreeBSD 6.3 or FreeBSD 7.0 once those have

CVSup is slow, insecure, and a memory hog. However, until now it's been the only option for keeping an up-to-date ports tree, and (thanks to all of the recent work on vuxml and portaudit) it has become quite obvious that keeping an up-to-date ports tree is very important. To provide a secure, lightweight, and fast alternative to CVSup, I've written portsnap. As the name suggests, this

From bugtraq :-( >-----BEGIN PGP SIGNED MESSAGE----- > >Sendmail, Inc., and the Sendmail Consortium announce the availability >of sendmail 8.12.9. It contains a fix for a critical security >problem discovered by Michal Zalewski whom we thank for bringing >this problem to our attention. Sendmail urges all users to either >upgrade to sendmail 8.12.9 or apply a patch for

Hi all, please, is there some utility/command/... to list all installed kernel modules ? Peter Rosa

The FreeBSD Security Officer would normally be sending out this email, but he's a bit busy right now and it is clear from reactions to FreeBSD Security Advisory FreeBSD-SA-04:04.tcp that many people are unaware of the current status of the RELENG_5_1 branch, so I'm going to send out this reminder myself. The branches supported by the FreeBSD Security Officer have been updated to reflect

We're being ping-flooded by the Nachi worm, which probes subnets for systems to attack by sending 92-byte ping packets. Unfortunately, IPFW doesn't seem to have the ability to filter packets by length. Assuming that I stick with IPFW, what's the best way to stem the tide? --Brett Glass

Heya.. Yesterday someone "attacked" by box by connection to several ports.. In other words, a simple portscan.. yet, since my box has "log_in_vain" enabled, so it tries to log everything to /var/log/messages, since the logfile got full and the size went over 100K, it tried to rotate the log to save diskspace. (Apr 16 21:00:00 omikron newsyslog[32137]: logfile turned over due