login
Search
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1Hello Everyone,
The branches supported by the FreeBSD Security Officer have been updated
to reflect recent EoL (end-of-life) events. The new list is below and
at <URL: http://security.freebsd.org/ >. FreeBSD 5.5, FreeBSD 6.1, and
FreeBSD 6.2 have `expired' and are no longer supported effective June 1,
2008. Users of these releases are advised to upgrade promptly to FreeBSD
6.3 or FreeBSD 7.0, either by downloading an updated source tree and
building updates manually, or (for i386 and amd64 systems) using the
FreeBSD Update utility as described in the FreeBSD 6.3 and FreeBSD 7.0
release announcements.This marks the end of support by the FreeBSD Security Team for the
FreeBSD 5-STABLE branch, and at this time support for running software
from the ports tree on FreeBSD 5.x is also ceasing: Packages for binary
installations will no longer be built for FreeBSD 5.5, building ports
from source on FreeBSD 5.x will no longer be supported, and the ports
INDEX will no longer be built and made available via portsnap or the
'make fetchindex' target. Patches for individual ports specific for
their functioning on FreeBSD 5.5 may still be accepted at the discretion
of the port maintainer.[Excerpt from http://security.freebsd.org/ follows]
FreeBSD Security Advisories
The FreeBSD Security Officer provides security advisories for
several branches of FreeBSD development. These are the -STABLE
Branches and the Security Branches. (Advisories are not issued for
the -CURRENT Branch.)* There is usually only a single -STABLE branch, although during
the transition from one major development line to another
(such as from FreeBSD 5.x to 6.x), there is a time span in
which there are two -STABLE branches. The -STABLE branch tags
have names like RELENG_6. The corresponding builds have names
like FreeBSD 6.1-STABLE.* Each FreeBSD Release has an associated Security Branch. The
...
Hi Everyone,
The FreeBSD Status Reports for the Fourth Quarter of 2007 are now
available at:http://www.freebsd.org/news/status/report-2007-10-2007-12.html
Regards,
Brad Davis
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1=============================================================================
FreeBSD-SA-06:01.texindex Security Advisory
The FreeBSD ProjectTopic: Texindex temporary file privilege escalation
Category: contrib
Module: texinfo
Announced: 2006-01-11
Credits: Frank Lichtenheld
Affects: All FreeBSD releases.
Corrected: 2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE)
2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2)
2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE)
2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9)
2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24)
2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE)
2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14)
2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20)
CVE Name: CAN-2005-3011For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.I. Background
TeX is a document typesetting system which is popular in the mathematics,
physics, and computer science realms because of its ability to typeset
complex mathematical formulas. texindex(1) is a utility which is often
used to generate a sorted index of a TeX file.II. Problem Description
The "sort_offline" function used by texindex(1) employs the "maketempname"
function, which produces predictable file names and fails to validate that
the paths do not exist.III. Impact
These predictable temporary file names are problematic because they
allow an attacker to take advantage of a race condition in order to
execute a symlink attack, which could enable them to overwrite files
on the system in the c...
Dear FreeBSD users,
The FreeBSD project is finally, after much work, pleased to announce the
availability of an official FreeBSD web based discussion forum. It is
our hope that this forum will serve as a public support channel for
FreeBSD users around the world and as a complement to our fine mailing
lists.You can register and start using our new service here:
The structure of the forum is still in a late beta stage, so if you have
ideas, suggestions for improvements or bug reports, send them to:
forum-moderators at FreeBSD dot org.Please also have a look at our rules before you create your first thread
or post your first message. You can find our official list of forum
rules here:http://forums.freebsd.org/faq.php?faq=vb_faq#faq_rules
Also, FreeBSD developers (people with commit access to our CVS/SVN trees)
can be distinguished by having an '@' character at the end of their
username.It is our hope that both users and developers will find this new service
useful. Please help spread the word.Sincerely,
The FreeBSD Forums Admin Team
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
---------------------------------------
Call for Papers
2007 USENIX Annual Technical Conference
June 17-22, 2006, Santa Clara, CA
Paper Submissions Deadline: January 9, 2007
http://www.usenix.org/usenix07/cfpa/
---------------------------------------Dear Colleague,
On behalf of the 2007 USENIX Annual Technical Conference program
committee, we request your ideas, proposals, and papers for tutorials,
refereed papers, and a poster session.The program committee invites you to submit original and innovative
papers to the Refereed Papers Track of the 2007 USENIX Annual Technical
Conference. Authors are required to submit full papers by 11:59 p.m.
PST, Tuesday,
January 9, 2007.We seek high-quality submissions that further the knowledge and
understanding of modern computing systems, with an emphasis on practical
implementations and experimental results. We encourage papers that break
new ground or present insightful results based on experience with
computer systems. The USENIX conference has a broad scope.Specific topics of interest include but are not limited to:
* Architectual interaction
* Benchmarking
* Deployment experience
* Distributed and parallel systems
* Embedded systems
* Energy/power management
* File and storage systems
* Networking and network services
* Operating systems
* Reliability, availability, and scalability
* Security, privacy, and trust
* System and network management
* Usage studies and workload characterization
* Virtualization
* Web technology
* Wireless and mobile systemsMore information on these and other submission guidelines is available
on our Web site:http://www.usenix.org/usenix07/cfpa/
IMPORTANT DATES:
Paper submissions due: Tuesday, January 9, 2007, 11:59 p.m. PST
Notification to authors: Monday, March 19, 2007
Final papers due: Tuesday, April 24, 2007Please note that January 9 is a hard deadline; no extensions will be
given.We look forward to your submissions.
On behalf of the Annual Tech '07 Confe...
The FreeBSD Release Engineering Team is pleased to announce the availability
of FreeBSD 6.2-RELEASE. This release continues the development of the
6-STABLE branch providing performance and stability improvements, many
bug fixes and new features. Some of the highlights:- freebsd-update(8) provides officially supported binary updates for
security fixes and errata patches
- Experimental support for CAPP security event auditing
- OpenBSM audit command line tool suite and library
- KDE updated to 3.5.4, GNOME updated to 2.16.1
- csup(1) integrated cvsup client now included
- Disk integrity protection and authentication added to geli(4)
- New amdsmb(4), enc(4) ipmi(4), nfsmb(4), stge(4) drivers
- IPFW(4) packet tagging
- Linux emulation support for sysfs
- BIND updated to 9.3.3
- Many driver updates including em(4), arcmsr(4), ath(4), bce(4),
ata(4), and iwi(4)For a complete list of new features and known problems, please see the
online release notes and errata list, available at:http://www.FreeBSD.org/releases/6.2R/relnotes.html
http://www.FreeBSD.org/releases/6.2R/errata.htmlFor more information about FreeBSD release engineering activities,
please see:http://www.FreeBSD.org/releng/
Availability
-------------FreeBSD 6.2-RELEASE is now available for the alpha, amd64, i386, ia64,
pc98, powerpc, and sparc64 architectures. It can be installed from bootable
ISO images or over the network; the required files can be downloaded
via FTP or BitTorrent as described in the sections below. While some of
the smaller FTP mirrors may not carry all architectures, they will all
generally contain the more common ones, such as i386 and amd64.MD5 and SHA256 hashes for the release ISO images are included at the
bottom of this message.The contents of the ISO images provided as part of the release has changed
for most of the architectures. Using the i386 architecture as an example,
there are ISO images named "bootonly", "disc1", "disc2", and...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1=============================================================================
FreeBSD-SA-08:05.openssh Security Advisory
The FreeBSD ProjectTopic: OpenSSH X11-forwarding privilege escalation
Category: contrib
Module: openssh
Announced: 2008-04-17
Credits: Timo Juhani Lindfors
Affects: All supported versions of FreeBSD
Corrected: 2008-04-16 23:58:33 UTC (RELENG_7, 7.0-STABLE)
2008-04-16 23:58:52 UTC (RELENG_7_0, 7.1-RELEASE-p1)
2008-04-16 23:59:35 UTC (RELENG_6, 6.3-STABLE)
2008-04-16 23:59:48 UTC (RELENG_6_3, 6.3-RELEASE-p2)
2008-04-17 00:00:04 UTC (RELENG_6_2, 6.2-RELEASE-p12)
2008-04-17 00:00:28 UTC (RELENG_6_1, 6.1-RELEASE-p24)
2008-04-17 00:00:41 UTC (RELENG_5, 5.5-STABLE)
2008-04-17 00:00:54 UTC (RELENG_5_5, 5.5-RELEASE-p20)
CVE Name: CVE-2008-1483For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.I. Background
OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services,
including remote shell access. The OpenSSH server daemon (sshd)
provides support for the X11 protocol by binding to a port on the
server and forwarding any connections which are made to that port.II. Problem Description
When logging in via SSH with X11-forwarding enabled, sshd(8) fails to
correctly handle the case where it fails to bind to an IPv4 port but
successfully binds to an IPv6 port. In this case, applications which
use X11 will connect to the IPv4 port, even though it had not been
bound by sshd(8) and is therefore not being securely forwarded.III....
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1=============================================================================
FreeBSD-EN-09:05.null Errata Notice
The FreeBSD ProjectTopic: No zero mapping feature
Category: core
Module: kern
Announced: 2009-10-02
Credits: John Baldwin, Konstantin Belousov, Alan Cox, and Bjoern Zeeb
Affects: All supported versions of FreeBSD.
Corrected: 2009-10-02 18:09:56 UTC (RELENG_8, 8.0-RC2)
2009-10-02 18:09:56 UTC (RELENG_7, 7.2-STABLE)
2009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-RELEASE-p4)
2009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-RELEASE-p8)
2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE)
2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7)
2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13)For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.I. Background
In the C programming language, address 0 (NULL) is used to represent
unallocated memory. NULL pointer dereferences are a common class of C
programming bug in which pointers are not properly checked for NULL
before being used. Dereferencing a NULL pointer normally terminates
execution, via a segmentation fault for user processes, or a page
fault panic in the kernel.II. Problem Description
On most architectures, the FreeBSD kernel splits the process virtual
memory address space into two portions: user and kernel. This
improves system call performance by avoiding a full address space
switch when a process enters the kernel, and improves performance for
kernel access to user memory.However, in this design, address 0 is part of the user-controlled
portion of the...
Calling all FreeBSD developers needing assistance with travel expenses
to BSDCan 2007.The Foundation will be providing a limited number of travel grants to
individuals requesting assistance. Please fill out and submit the Travel
Grant Request Form at www.freebsdfoundation.org/documents/ by April 10,
to apply for this grant.Though we would like to support everyone who applies, priority will be
given to FreeBSD developers speaking at the conference. Due to
constrained resources, we would appreciate if developers could look to
their employers first for sponsorship or cost-splitting.Also, to be considered for the grant, you must provide a detailed
justification for attending this conference in the application. Please
describe, not only your purpose for attending, but how the FreeBSD
community will benefit by you attending this conference.Please note, the deadline for submitting Travel Grant Request forms is
April 10, 2007. Applications will not be accepted after this date.Thank You,
The FreeBSD Foundation
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
-----------------------------------------------
2007 USENIX Annual Technical Conference
June 17-22, 2006, Santa Clara, CA
Early Bird Registration Deadline: June 1, 2007
http://www.usenix.org/usenix07/proga
-----------------------------------------------Dear Colleague,
We're pleased to invite you to attend the 2007 USENIX Annual Technical
Conference. This year we're offering 6 days of training running
alongside a 3-day conference program filled with the latest research,
security breakthroughs, and practical approaches to the questions and
problems you wrestle with. You'll also have many opportunities to chat
with peers who share your concerns and interests.Training: Sunday-Friday, June 17-22, 2007
The 6-day training program at USENIX '07 provides in-depth and
immediately useful training on the latest techniques, effective tools,
and best strategies, including:* Richard Bejtlich on TCP/IP Weapons School, Layers 2-3
* Peter Baer Galvin on Solaris 10 Security Features
* AEleen Frisch on Administering Linux in Production Environments
* Steve VanDevender on High-Capacity Email System DesignNew in 2007: SANS at USENIX Annual Tech. In addition to the top-notch
USENIX training, we're partnering with the SANS Institute to offer two
6-day security classes:* SANS Security 504: Hacker Techniques, Exploits, and Incident Handling
* SANS Security 617: Assessing and Securing Wireless NetworksTechnical Sessions: Wednesday-Friday, June 20-22, 2007
The 3-day technical program begins with the keynote address by Mendel
Rosenblum of Stanford University,
=46reeBSD Mall (via iXsystems) has merged with BSD Mall. =A0Over the next m=
onth=20
the BSDMall.com website will be transitioned to FreeBSDMall.com, after whic=
h=20
time FreeBSD Mall will take over order fulfillment for all products. =A0As =
a=20
result of this joining of forces, existing customers can expect faster=20
shipping, better selection, and more BSD community support.We've also got several new t-shirts up at FreeBSDMall.com that you may have=
=20
seen at BSDCan or floating around on the web, including a FreeBSD Jails=20
shirt, an artistic take on the new logo, and the current FreeBSD logo on=20
black. =A0Expect additional new products up on the FreeBSDMall.com site ove=
r=20
the next few months, including posters and more t-shirts. =A0The FreeBSD Ma=
ll=20
will also soon be offering AMD64 versions of FreeBSD as well.We've setup a suggestions (at) freebsdmall.com alias and will follow up wit=
h a=20
submission form on the website. We'd love to hear the community's ideas for=
=20
products and shirts or ways FreeBSD Mall can better serve the community.best,
=2Dmatt=2D-=20
Matt Olander
CTO, iXsystems - "Servers for Open Source" =A0http://www.iXsystems.com
Public Relations, The FreeBSD Project =A0 =A0 =A0 =A0 http://www.FreeBSD.org
BSD on the Desktop! =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
http://www.pcbsd.org
Phone: (408)943-4100 ext. 113 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 Fax: =
(408)943-4101=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=20
=46ax: (408)943-4101
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Dear FreeBSD Community,
I am pleased to announce the publication of the FreeBSD Foundation's
Semi-Annual July Newsletter.Go to http://www.freebsdfoundation.org/press/2008Jul-newsletter.shtml
to find out what we've been doing to help the FreeBSD project and community.Thank You,
Deb Goodkin
The FreeBSD Foundation_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
I am proud to announce that BSDCan 2008 registration is now open.
http://www.bsdcan.org/2008/registration.php
We have added a new tutorial to the schedule:
http://www.bsdcan.org/2008/schedule/events/107.en.html
Wireless networking facilities in FreeBSD. Hands-on experience
setting up and inspecting wireless networks. - Sam LefflerAlso, BSDCan 2008 will be the first BSD conference at which you
can sit the BSD Certification exam. Start studying now!http://www.bsdcertification.org/
BTW, if you're into PostgeSQL, consider PGCon, right after BSDCan.
See you in May!
--
Dan Langille -- http://www.langille.org/
dan@langille.org_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
It was 15 years ago that Internet history was forever changed when
FreeBSD 1.0 was released. We will be hosting the 15 Year Anniversary
Party at the meetBSD California conference in Mountain View,
California.meetBSD California, based on the popular meetBSD conference in Poland,
is a 2 day event on Saturday and Sunday, November 15th and 16th, 2008.Besides the intimate BSD conference with notable BSD speakers and
great FreeBSD Anniversary/meetBSD schwag, we'll be having the private
FreeBSD Anniversary party at Buddha Lounge in Mountain View on
Saturday night. Anybody attending the FreeBSD 10 Year Anniversary
Party can attest to the fact that this is not to be missed!Of course, there will be a commemorative anniversary t-shirt for
attendees as well as other exciting prizes ;-)The cost to attend is a nominal $50 dollars. If any profits are made
from the conference attendees and sponsors, after costs are deducted,
they will be donated to the FreeBSD Foundation.What: meetBSD California
When: Saturday & Sunday, November 15th and 16th, 2008
Where: Googleplex in Mountain View, California, USA
Who: Any and all BSD developers, administrators, advocatesRegistration is available at http://www.meetBSD.com. The site accepts
credit card, paypal, and mail-in payment.More details will be posted on the site as they become available and
as the speaker schedule is confirmed. Lunches will be provided for as
well as dinner on Saturday night and we have already reserved
discounted hotel rooms nearby. Buses will be on-hand to shuttle us
from the Googleplex to the party and back to the hotels on Saturday
evening.If your company may be interested in sponsorship, please have them
contact us at info@meetbsd.com.Space is limited, so please plan accordingly.
See you there!
-matt & the meetBSD California conference team
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To uns...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1=============================================================================
FreeBSD-SA-09:09.pipe Security Advisory
The FreeBSD ProjectTopic: Local information disclosure via direct pipe writes
Category: core
Module: kern
Announced: 2009-06-10
Credits: Pieter de Boer
Affects: All supported versions of FreeBSD.
Corrected: 2009-06-10 10:31:11 UTC (RELENG_7, 7.2-STABLE)
2009-06-10 10:31:11 UTC (RELENG_7_2, 7.2-RELEASE-p1)
2009-06-10 10:31:11 UTC (RELENG_7_1, 7.1-RELEASE-p6)
2009-06-10 10:31:11 UTC (RELENG_6, 6.4-STABLE)
2009-06-10 10:31:11 UTC (RELENG_6_4, 6.4-RELEASE-p5)
2009-06-10 10:31:11 UTC (RELENG_6_3, 6.3-RELEASE-p11)For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.I. Background
One of the most commonly used forms of interprocess communication on
FreeBSD and other UNIX-like systems is the (anonymous) pipe. In this
mechanism, a pair of file descriptors is created, and data written to
one descriptor can be read from the other.FreeBSD's pipe implementation contains an optimization known as "direct
writes". In this optimization, rather than copying data into kernel
memory when the write(2) system call is invoked and then copying the
data again when the read(2) system call is invoked, the FreeBSD kernel
takes advantage of virtual memory mapping to allow the data to be copied
directly between processes.II. Problem Description
An integer overflow in computing the set of pages containing data to be
copied can result in virtual-to-physical address lookups not being
performed.III. Impact
An unprivileged process can read pages of ...
FreeBSD Quarterly Status Report
Introduction
This report covers FreeBSD related projects between July and October
2007. The sixth EuroBSDCon was held in Denmark in September. The Google
Summer of Code project came to a close and lots of participants are
working getting their code merged back into FreeBSD.The bugs in the FreeBSD HEAD branch are being shaked out and it is
being prepared for the FreeBSD 7 branching. If your are curious about
what's new in FreeBSD 7.0 we suggest reading Ivan Voras' excellent
summary here .Thanks to all the reporters for the excellent work! We hope you enjoy
reading.
__________________________________________________________________Google Summer of Code
* Summer of Code
* finstall
* FreeBSD-update Front End
* gvirstor
* MTund - Magic Tunnel Daemon
* Porting OpenBSD's sysctl Hardware Sensors Framework to FreeBSD
* Ports Collection infrastructure improvementsProjects
* Apple's MacBook on FreeBSD
* Multi-link PPP daemon (MPD) 5.x
* Multicast DNS
* Porting Linux KVM to FreeBSD
* USBFreeBSD Team Reports
* FreeBSD.org Admins Report
* Ports CollectionNetwork Infrastructure
* Network Stack Virtualization
Documentation
* PC-BSD Handbook
* The Hungarian Documentation Project
* The Spanish Documentation ProjectMiscellaneous
* EuroBSDcon 2007
* GNATS graphs
__________________________________________________________________Apple's MacBook on FreeBSD
URL: http://wiki.freebsd.org/AppleMacbook
Contact: Rui Paulo <rpaulo@FreeBSD.org>
The Summer of Code project went well and we reached interesting
results. At least the Mac Mini should be fully supported by now.
Regarding the other Apple systems, we still need to polish some edges.Open tasks:
1. Integrate rpaulo-macbook p4 branch into CVS.
2. Continue the work on the remaining issues.
...
| Greg Kroah-Hartman | [PATCH 002/196] Chinese: rephrase English introduction in HOWTO |
| Tarkan Erimer | Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 |
| Amit K. Arora | [RFC] Heads up on sys_fallocate() |
| Linus Torvalds | Re: 2.6.25-rc2 System no longer powers off after suspend-to-disk. Screen becomes g... |
git: | |
| David Miller | [GIT]: Networking |
| Jarek Poplawski | Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock(). |
| Gerrit Renker | [PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side) |
| Ray Lee | Re: [BUG] New Kernel Bugs |
