similar to: FreeBSD Security Advisory FreeBSD-SA-13:07.bind

Hi, this was originally reported on ports@. [1] Someone noticed that after after running sudo their session disappeared when running `w` afterwards. I've done a little experimenting and this is caused when pam_lastlog.so is included in sudo's pam file. This results in the user still being logged in though according to the system logs the user has logged out. Here's an example:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:04.sysret Security Advisory The FreeBSD Project Topic: Privilege escalation when returning from kernel Category: core Module: sys_amd64

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:09.pipe Security Advisory The FreeBSD Project Topic: Local information disclosure via direct pipe writes Category: core Module: kern

http://bugzilla.mindrot.org/show_bug.cgi?id=994 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- BugsThisDependsOn|396, 859 | Status|NEW |ASSIGNED Summary|[RELENG] Bugs planned to be |[RELENG] Bugs planned to be

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-12:02.ipv6refcount Errata Notice The FreeBSD Project Topic: Reference count errors in IPv6 code Category: core Modules: sys_netinet sys_netinet6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:12.ftpd Security Advisory The FreeBSD Project Topic: Cross-site request forgery in ftpd(8) Category: core Module: ftpd Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:08.linux Security Advisory The FreeBSD Project Topic: Linux compatibility layer input validation error Category: core Module: kernel

Hi, This was the commit of SA-12:04.sysret to RELENG_7_4, which makes sense to me: http://svnweb.freebsd.org/base/releng/7.4/sys/amd64/amd64/trap.c?r1=216618&r2=236953 But when it was applied to RELENG_8_1, it looks wrong, as if it was applied in the wrong place. The indentation is broken, and the code inserted looks like it wouldn't be effective:

I've just realized that I see in releng/7 something that I did not see in releng/6 - even if I use a file with custom rules in firewall_type I still get default loopback rules installed. I think that this is not correct, I am using custom rules exactly because I want to control *everything* (e.g. all deny rules come with log logamount xxx). -- Andriy Gapon

http://bugzilla.mindrot.org/show_bug.cgi?id=1047 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|[RELENG] Bugs planned to be |[RELENG] Bugs planned to be |fixed for the release after |fixed for the 4.3 release |4.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:09.pam_ssh Security Advisory The FreeBSD Project Topic: pam_ssh improperly grants access when user account has unencrypted SSH private keys

http://bugzilla.mindrot.org/show_bug.cgi?id=914 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Summary|[RELENG] Bugs planned to be |[RELENG] Bugs planned to be |fixed *after* 3.9

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-10:03.zfs Security Advisory The FreeBSD Project Topic: ZFS ZIL playback with insecure permissions Category: contrib Module: zfs Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-13:02.vtnet Errata Notice The FreeBSD Project Topic: vtnet(4) network interface issue on QEMU 1.4.0 and later Category: core Modules: sys_dev Announced:

As some of you may know the FreeBSD Project has been attempting to shift over from "Feature based releases" to "Time based releases" as far as trying to schedule them goes. Lets just say that's still a work in progress (as in doing that with FreeBSD 7.0 didn't work out so well). This is the schedule we will be shooting for through the next several years/branches:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear FreeBSD Community: Although the FreeBSD 11.0-RELEASE has not yet been officially announced, many have found images on the Project FTP mirrors. However, please be aware the final 11.0-RELEASE will be rebuilt and republished on the Project mirrors as a result of a few last-minute security fixes we feel are imperative to include in the final

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear FreeBSD Community: Although the FreeBSD 11.0-RELEASE has not yet been officially announced, many have found images on the Project FTP mirrors. However, please be aware the final 11.0-RELEASE will be rebuilt and republished on the Project mirrors as a result of a few last-minute security fixes we feel are imperative to include in the final

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear FreeBSD Community: [Corrected the date.] Although the FreeBSD 11.0-RELEASE has not yet been officially announced, many have found images on the Project FTP mirrors. However, please be aware the final 11.0-RELEASE will be rebuilt and republished on the Project mirrors as a result of a few last-minute security fixes we feel are imperative to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear FreeBSD Community: [Corrected the date.] Although the FreeBSD 11.0-RELEASE has not yet been officially announced, many have found images on the Project FTP mirrors. However, please be aware the final 11.0-RELEASE will be rebuilt and republished on the Project mirrors as a result of a few last-minute security fixes we feel are imperative to

As many of you probably already know, a "SNAP" release is built once per day on the RELENG_2_2 branch (where 2.2.1 came from and from where future 2.2.x releases will be derived) and put up for anonymous FTP at: ftp://releng22.freebsd.org/pub/FreeBSD Since this site isn't always the easiest to get to or mirror, I will also periodically copy "known good" release snapshots