-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:11.ipsec                                      Security Advisory
                                                          The FreeBSD Project

Topic:          IPsec replay attack vulnerability

Category:       core
Module:         sys_netipsec
Announced:      2006-03-22
Credits:        Pawel Jakub Dawidek
Affects:        All FreeBSD releases since 4.8-RELEASE
Corrected:      2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
                2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
                2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
                2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
                2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
                2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
                2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
                2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
CVE Name:       CVE-2006-0905

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.

I.   Background

IPsec is a set of protocols, including ESP (Encapsulating Security Payload)
and AH (Authentication Header), that provide security services for IP
datagrams.  ESP protects IP payloads from wire-tapping by encrypting them
using secret key cryptography algorithms.  AH guarantees the integrity of IP
packets and protects them from intermediate alteration or impersonation by
attaching a cryptographic checksum computed using one-way hash functions.

II.  Problem Description

IPsec provides an anti-replay service which when enabled prevents an attacker
from successfully executing a replay attack.  This is done through the
verification of sequence numbers.  A programming error in the ...
[ message continues ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-EN-10:01.freebsd                                        Errata Notice
                                                          The FreeBSD Project

Topic:          Various FreeBSD 8.0-RELEASE improvements

Category:       core
Module:         kern
Announced:      2010-01-06
Affects:        FreeBSD 8.0-RELEASE.
Corrected:      2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.FreeBSD.org/>.

I.      Background

Since FreeBSD 8.0 was released, several stability and performance problems
have been identified.  This Errata Notice describes several fixes judged to
be of particular importance, but low risk, to users with specific workloads
or using specific features that trigger these problems.

Areas where problems are addressed include NFS, ZFS, Multicast networking,
SCTP as well as the rename(2) syscall.

II.     Description

* Slow NFS client reconnects when using TCP

Under certain circumstances the NFS client can queue requests even though
the remote server has initiated a connection shutdown.
The deferred notice of the shutdown can cause slow reconnects against
an NFS server that drops inactive connections.

* Possible panics in ZFS

Due to inadequate checks, attempts to modify a file on a read-only ZFS
snapshot will lead to a 'dirtying snapshot' kernel panic.

The system will also panic if ZFS is combined with a MAC policy supporting
file system labeling (e.g., mac_biba(4) or mac_mls(4)).

* Multicast regression and panic

Multicast filtering may not pass incoming IGMP messages if the group
has not been joined.  User space routing daemons will therefore not see
all IGMP control traffic.

Further, the system will panic ...
[ message continues ]

FreeBSD Mall, Inc. is happy to announce the availability of FreeBSD
7.1-based products.  The four CD set and DVD are now shipping to
subscribers around the world.

If you haven't yet placed your order, you may do so at
http://www.freebsdmall.com.

You may also elect to start your subscription with the latest release.  
Sit back and relax while each new release of FreeBSD is delivered  
straight to your door.

In addition to CD and DVD products and toolkit, we also have a large  
collection of FreeBSD shirts, hats, jackets, boxer shorts, stickers,  
case-plates, mouse pads, and other promotional materials.

FYI, during the course of the next few months, the Mall site will be  
getting a much needed facelift that will include new promotional BSD  
products. Stay tuned ;-)

Thanks and enjoy!

-matt

_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
[ message continues ]