-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2003-011
=================================

Topic:          off-by-one error in realpath(3)

Version:        NetBSD-current: source prior to August 4, 2003
                NetBSD 1.6.1:   affected
                NetBSD 1.6:     affected
                NetBSD-1.5.3:   affected
                NetBSD-1.5.2:   affected
                NetBSD-1.5.1:   affected
                NetBSD-1.5:     affected

Severity:       Possible remote buffer overrun/root compromise

Fixed:          NetBSD-current:     August 4, 2003
                NetBSD-1.6 branch:  August 5, 2003 (1.6.2 will include the fix)
                NetBSD-1.5 branch:  Awaiting pullups

Abstract
========

In the library function realpath(3), there was a string manipulation
mistake which could lead to 1-byte buffer overrun. realpath(3) is being
used by important network daemons such as ftpd(8), therefore the
vulnerability could be remotely exploitable.

Note: The same error remained in a derived function in the distribution
of the wu-ftpd server (Not part of NetBSD's base system).

This information has been available to the general public for a matter
of days now. Exploits have been released against wu-ftpd. They are
probably being written against other affected services as well. If you
offer any of the affected services, you are advised to patch your system
immediately.

Technical Details
=================

http://www.kb.cert.org/vuls/id/743092

Binaries in the NetBSD base system which use realpath(3) include:

        /bin/systrace
        /usr/libexec/ftpd (*)
        /sbin/mount
        /sbin/umount
        /usr/sbin/mountd (*)
        /usr/bin/ssh
        /usr/sbin/sshd (*)
        /usr/libexec/sftp-server (*)
        /usr/sbin/bootpd (*)

Binaries marked (*) listen on network interfaces, and could be remotely
exploitable.

Solutions and Workarounds
=========================

To fix this vulnerability you will need to upgrade your libc.

The following instructions describe how to upgrade your libc binaries by
updating your source tree and rebuilding and installing a new version of
libc. Note that all statically-linked binaries, such ...

Moving forward, releases for NetBSD are planned to continue in their
current fashion but also have the addition of a new branch tracking each
release that is designated for security/critical fixes only. This will
allow users who are tracking a given release to be able to update for
critical fixes without also having to update and/or merge other fixes
that may be applied to a release branch as part of its ongoing
maintenance.

As such, the branch naming scheme will be: (with a special note for 2.0)

CVS branch names:

Branch leading up to   branch tag    release tag               branch from

2.0                    netbsd-2-0    netbsd-2-0-RELEASE        HEAD
2.1                    netbsd-2      netbsd-2-1-RELEASE        netbsd-2-0-RELEASE
2.2                    netbsd-2      netbsd-2-2-RELEASE        (no new branch)
2.0.1                  netbsd-2-0    netbsd-2-0-1-RELEASE      (no new branch)

M.0                    netbsd-M      netbsd-M-0-RELEASE        HEAD
M.0.p                  netbsd-M-0    netbsd-M-0-p-RELEASE      netbsd-M-0-RELEASE
M.m                    netbsd-M      netbsd-M-m-RELEASE        (no new branch)
M.m.p                  netbsd-M-m    netbsd-M-m-p-RELEASE      netbsd-M-m-RELEASE
M.m.p+1                netbsd-M-m    netbsd-M-m-p+1-RELEASE    (no new branch)

NOTE: NetBSD 2.0 started with a different branch name (netbsd-2-0) as it
was originally following the historical naming scheme before the new
branches were added.

What this means is anyone tracking NetBSD 2.0 today on the branch who
wants to track all changes going into 2.1 should update their cvs trees
with the following:

cvs -q up -dPA -rnetbsd-2

The current branch (netbsd-2-0) will continue to exist and eventually
will be the basis for the 2.0.1, 2.0.2, etc. releases if/when those
occur. As it's designed to be used for generating these point releases
only it's strongly recommended that users track against the specific
release tags on these branches (ala netbsd-2-0-1-RELEASE once that
occurs for instance).

James

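The naming scheme in the announcement above, as an added shell example that is not part of the original message. The function names netbsd_tags and netbsd_update_cmd are hypothetical, and the rules are generalized from the table to any release from 2.0 onward.

```sh
#!/bin/sh
# Added example, not from the announcement: derive the CVS tags for a NetBSD
# release number from the naming scheme above (releases 2.0 and later).

# netbsd_tags VERSION -> prints "<branch tag> <release tag>"; returns 1 on bad input
netbsd_tags() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*)
            echo "netbsd_tags: bad version '$ver'" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                      # split M.m[.p] on the dots
    IFS=$old_ifs
    if [ "$#" -lt 2 ] || [ "$#" -gt 3 ] || [ "$1" -lt 2 ]; then
        echo "netbsd_tags: expected M.m or M.m.p with M >= 2" >&2; return 1
    fi
    if [ "$#" -eq 2 ]; then
        # M.m releases are cut from the release branch netbsd-M ...
        branch="netbsd-$1"
        # ... except 2.0, which per the NOTE was cut from netbsd-2-0.
        if [ "$ver" = "2.0" ]; then branch="netbsd-2-0"; fi
        release="netbsd-$1-$2-RELEASE"
    else
        # M.m.p releases come from the security/critical-fix branch netbsd-M-m.
        if [ "$3" -lt 1 ]; then
            echo "netbsd_tags: patch level must be >= 1" >&2; return 1
        fi
        branch="netbsd-$1-$2"
        release="netbsd-$1-$2-$3-RELEASE"
    fi
    echo "$branch $release"
}

# netbsd_update_cmd VERSION branch|release -> prints the cvs command for that tag,
# in the form used in the announcement (cvs -q up -dPA -r<tag>).
netbsd_update_cmd() {
    tags=$(netbsd_tags "$1") || return 1
    case $2 in
        branch)  tag=${tags% *} ;;
        release) tag=${tags#* } ;;
        *) echo "usage: netbsd_update_cmd VERSION branch|release" >&2; return 1 ;;
    esac
    echo "cvs -q up -dPA -r$tag"
}

# Demonstration on a few release numbers.
for v in 2.0 2.0.1 2.1 3.0.2 4.0; do
    printf '%-6s %s\n' "$v" "$(netbsd_tags "$v")"
done
netbsd_update_cmd 2.1 branch
netbsd_update_cmd 2.0.1 release
```

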
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2008-004
=================================

Topic:          bzip2(1) Multiple issues

Version:        NetBSD-current: affected
                NetBSD 4.0:     affected
                NetBSD 3.1.*:   affected
                NetBSD 3.1:     affected
                NetBSD 3.0:     affected
                NetBSD 3.0.*:   affected

Severity:       Denial of Service and Race Condition

Fixed:          NetBSD-current:     March 18, 2008
                NetBSD-4 branch:    March 24, 2008 (4.1 will include the fix)
                NetBSD-4-0 branch:  March 24, 2008 (4.0.1 will include the fix)
                NetBSD-3-1 branch:  March 26, 2008 (3.1.2 will include the fix)
                NetBSD-3-0 branch:  March 26, 2008 (3.0.4 will include the fix)
                NetBSD-3 branch:    March 26, 2008 (3.2 will include the fix)
                pkgsrc:             bzip2-1.0.5 corrects the issue

Abstract
========

Multiple issues have been found with the version of bzip2 that ships
with NetBSD 3.x, NetBSD 4.x and NetBSD-current. In order to address all
these issues bzip2 has been updated to the latest version currently
available which contains fixes for these issues. The two known security
issues included a race condition and a denial of service.

These vulnerabilities have been assigned CVE-2008-1372 for the denial of
service and CVE-2005-0953 for the race condition.

Technical Details
=================

The race condition may allow an attacker to modify the permissions on an
existing file owned by a user when a user extracts a crafted bzip2
compressed file. The attacker must have access to the directory in which
the file is being decompressed to in order to exploit this issue.

An attacker may be able to crash bzip2 by supplying a user with a
crafted bzip2 compressed file.

Solutions and Workarounds
=========================

It is recommended that NetBSD users of vulnerable versions update their
binaries.

The following instructions describe how to upgrade your bzip2(1)
binaries by updating your source tree and rebuilding and installing a
new version of ...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2006-020
=================================

Topic:          Integer overflows in PCF font parsers

Version:        NetBSD-current:   source prior to August 28, 2006
                NetBSD 4.0_BETA:  affected
                NetBSD 3.1_RC2:   not affected
                NetBSD 3.0.*:     affected
                NetBSD 3.0:       affected
                NetBSD 2.1:       affected
                NetBSD 2.0.*:     affected
                NetBSD 2.0:       affected
                pkgsrc:           xorg-libs-6.9.0nb6 and earlier
                                  XFree86-libs-4.4.0nb7 and earlier

Severity:       Denial of service and potential privilege escalation

Fixed:          NetBSD-current:     August 28, 2006
                NetBSD-4 branch:    August 29, 2006 (4.0 will include the fix)
                NetBSD-3-0 branch:  August 29, 2006 (3.0.2 will include the fix)
                NetBSD-3 branch:    August 29, 2006 (3.1 will include the fix)
                NetBSD-2-1 branch:  August 29, 2006
                NetBSD-2-0 branch:  August 29, 2006
                NetBSD-2 branch:    August 29, 2006
                pkgsrc:             xorg-libs-6.9.0nb7 corrects the issue
                                    XFree86-libs-4.4.0nb8 corrects the issue

Abstract
========

There are integer overflows present in the PCF font parsers as supplied
with both XFree86 and X11R7.0. This can lead to a denial of service
attack and potentially arbitrary code execution. This vulnerability can
be triggered by a user parsing an untrusted PCF font file.

This vulnerability has been assigned CVE reference CVE-2006-3467.

Technical Details
=================

Integer overflows in the PCF font parsers can crash the X servers and
potentially lead to arbitrary code execution.

Solutions and Workarounds
=========================

While X11R7.0 from X.Org is in both the HEAD and netbsd-4 branches it is
currently not integrated fully into the base distribution. No NetBSD
releases contain X11R7.0 binaries and as such it is not necessary to
rebuild anything from source. The instructions below will patch the
relevant X11R7.0 source files so that if users are experimenting with
X11R7.0 it will contain the necessary security ...

Summary of Changes to the NetBSD Packages Collection in June 2002
=================================================================

[For a full listing of the changes, please refer to the mail in the
tech-pkg archives - agc]

By my calculations, there were 2970 packages in the packages collection
at the end of June, up from 2898 the previous month, a rise of 72.

Notable additions to the packages collection include: adom, ap2-perl,
arirang, autoconvert, bbmail, bbrun, bg5ps, Canna-dict and server,
check, Chinput, cross-h8300-hms binutils and gcc, demime, dnetc, docsis,
eblook, edonkey2k, eggdrop, emech, esms, fcgi, gkrellm-volume, glpk,
goofey, gscope, gsmlib, hypermail, hztty, icepref, FreeWnn dict and
server, ja-samba, some kde3 packages (thanks to Nick, Mark, Jan and
everyone), kttcp, leafnode, lhs, libtabe, links-gui, metacity,
mpg123-esound, mpg321, mpgtx, mtoolsfm, nbitools, various Perl
utilities, pcl-cvs, php4-mhash, various Python Unicode codecs, pyDict,
randread, the rox suite (thanks, Chris), sipcalc, sj3 dict and server,
star, stardic, su2, swill, sylpheed-claws, ttmkfdir, unicon,
windowmaker-desktop, wmmp3, wmsmixer, wmusic, xbindkeys, xcin, xclip,
xfm, yafc, yamt and yup.

Notable updated packages in the packages collection include:
amavis-perl, ap-ssl, apache, apache6, asp2php, atk, audit-packages,
awka, bidwatcher, bind4, bind8, bozohttpd, canna lib and server, canuum,
cheesetracker, coda5 (client and server), conserver, courier-imap,
cpuflags, curl, cvsweb, dillo, doc++, eb, ekg, ethereal, ettercap, exim,
exim-html, frotz, fvwm2, galeon, geneweb, gkrellm, gkrellm-xmms,
gmplayer, gnumeric, gtkasp2php, htmlfix, id3v2, ipa, irssi, FreeWnn lib
and server, ja-samba, kaffe, liba52, libirman, links, lsof, lukemftp,
lwp, mencoder, micq, mlterm, mozilla, mplayer and mplayer-share, msu,
mysql-client, nxtvepg, ocaml, ogle and ogle_gui, openssh, oto, various
Perl utilities, pango, pdflib, pgpdump, pkgchk, pkglint, pkg_install,
polsms, postfix, proftpd, pure-ftpd, ...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Just to let everyone know there have been some further updates to
ipfilter in the NetBSD CVS trees in order to address port randomisation
issues with BIND. All the updates have been documented in NetBSD
Security Advisory 2008-009 which is available at:

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc

On behalf of security-officer@NetBSD.org,

adrian.

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkkGQkcACgkQLc2rR0mnFJ86cgCg5pa0nj2JUiT2kot4s2csP2+9
F/MAn3XJ1cJeOJMQnVf8QVfCIiTChW5x
=NgGc
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2009-013
=================================

Topic:          BIND named dynamic update Denial of Service vulnerability

Version:        NetBSD-current: affected prior to 2009-07-29
                NetBSD 5.0:     affected
                NetBSD 4.0.*:   affected
                NetBSD 4.0:     affected
                pkgsrc:         bind package prior to 9.5.1pl3 and 9.6.1pl1

Severity:       Denial of Service

Fixed:          NetBSD-current:     July 28, 2009 21:13 UTC
                NetBSD-5-0 branch:  July 28, 2009 22:26 UTC
                NetBSD-5 branch:    July 28, 2009 22:26 UTC
                NetBSD-4-0 branch:  July 28, 2009 22:19 UTC
                NetBSD-4 branch:    July 28, 2009 22:19 UTC
                pkgsrc 2009Q2:      bind-9.5.1pl3 and bind-9.6.1pl1
                                    corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

An assertion failure in the Berkeley Internet Name Domain server
software shipped in NetBSD can be used by a remote attacker to cause the
server process to crash by sending specially crafted dynamic update
messages.

This vulnerability has been assigned CVE-2009-0696 and CERT
Vulnerability Note VU#725188.

Technical Details
=================

An error handling dynamic DNS update packets with the record data type
being set to "ANY" will cause an assertion in the dns_db_findrdataset()
function to trigger, causing the name server to exit. This requires at
least one of the record set entries specified in the update to exist on
the local server.

The assertion triggered will typically cause the following message:

        db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
        exiting (due to assertion failure).

Note that this assertion will be triggered even if dynamic DNS updates
are disabled.

Solutions and Workarounds
=========================

In order to avoid this vulnerability, either filter incoming dynamic DNS
update requests using a firewall or upgrade your bind software to a ...

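A log check for the assertion message quoted in the advisory above, as an added shell example that is not part of the advisory. The syslog line layout, the function names and every sample log line are constructed for illustration; only the REQUIRE and "exiting" strings come from the advisory.

```sh
#!/bin/sh
# Added example, not from the advisory: list named(8) exits caused by the
# dynamic-update assertion. Log layout and sample lines are constructed.

# The REQUIRE text quoted in the advisory. The "db.c:659:" prefix is left out
# of the match on the assumption that the line number can differ between builds.
REQ='REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed'

# find_dynupdate_crashes LOGFILE -> one "<month> <day> <time> <host>" line per
# crash. A crash is counted only when the REQUIRE line is immediately followed
# (among named's own lines) by the fatal "exiting" line.
find_dynupdate_crashes() {
    awk -v req="$REQ" '
        /named\[/ {
            if (index($0, req)) {            # fixed-string match, no regex
                pending = $1 " " $2 " " $3 " " $4
                next
            }
            if (pending != "" && index($0, "exiting (due to assertion failure)")) {
                print pending
            }
            pending = ""                     # any other named line clears it
        }
    ' "$1"
}

# write_sample_log PATH -> writes constructed syslog lines for the demonstration:
# two crashes from the advisory's assertion and one unrelated assertion failure.
write_sample_log() {
    cat > "$1" <<'EOF'
Jul 29 03:12:40 ns1 named[412]: zone example.org/IN: loaded serial 2009072801
Jul 29 03:12:44 ns1 named[412]: db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
Jul 29 03:12:44 ns1 named[412]: exiting (due to assertion failure)
Jul 29 03:13:02 ns1 named[587]: running
Jul 29 04:40:10 ns1 named[587]: mem.c:100: REQUIRE(ptr != NULL) failed
Jul 29 04:40:10 ns1 named[587]: exiting (due to assertion failure)
Jul 29 06:01:19 ns2 named[230]: db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
Jul 29 06:01:19 ns2 named[230]: exiting (due to assertion failure)
EOF
}

# Demonstration: prints the two matching crash records.
log=$(mktemp) && write_sample_log "$log" && find_dynupdate_crashes "$log"
rm -f "$log"
```

A match means named exited on this assertion and the host still needs the filter or the upgrade the advisory describes.
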
The pkgsrc-2007Q3 Release
=========================

The pkgsrc developers are very proud to announce the new pkgsrc-2007Q3
release, which has support for more packages than previous releases. As
well as updated versions of many packages, the infrastructure of pkgsrc
itself has been improved for better platform and compiler support.

At the same time, the pkgsrc-2007Q2 release has been deprecated, and
continuing engineering starts on the pkgsrc-2007Q3 release.

This release celebrates the tenth anniversary of pkgsrc, and we would
like to take this opportunity to thank all of the people who have made
pkgsrc the most portable packaging system in the world - to all of the
users, developers and supporters a very large "Thank you" from all of
us.

Some highlights of the new pkgsrc-2007Q3 release are:

+ many, many packages have been updated to newer versions, to take
  advantage of fixes and improved functionality. The following versions
  of packages are included in the pkgsrc-2007Q3 release:
        + apache-2.2.6
        + firefox-2.0.0.7
        + gnome-2.18.1
        + kde-3.5.7
        + mysql-5.0.45
        + openoffice-2.3.0
        + opera-9.23
        + postgresql-8.2.5
        + ruby-1.8.6.111
        + samba-3.0.24
        + seamonkey-1.1.4
        + thunderbird-2.0.0.6
        + wireshark-0.99.6
        + zope-3.3.1
+ other changes include
        + audit-packages has been rewritten in C to make it perform
          better; it has also been merged with pkg_install-20070714 and
          later versions. pkgsrc now comes with package auditing built
          in
        + pkg_install has been modified by Joerg Sonnenberger to bring
          in some of the pkg_install work he did for the Google Summer
          of Code last year
        + the addition of a framework for managing binary-only packages
          that require and support binary emulation, by Johnny Lam
        + we have continued to develop our "filesystems" category
        + the addition of some pertinent bright, shiny packages such as
          vym, fuse-afpfs-ng, wpi-firmware2, quilt, freealut,
          flightgear, simgear, espeak, glade3, orca, inspircd, ...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2005-004
=================================

Topic:          Buffer overflows in MIT Kerberos 5 telnet client

Version:        NetBSD-current: source prior to April 1, 2005
                NetBSD 2.1:     not affected
                NetBSD 2.0.3:   not affected
                NetBSD 2.0.2:   affected
                NetBSD 2.0:     affected
                NetBSD 1.6.2:   affected
                NetBSD 1.6.1:   affected
                NetBSD 1.6:     affected

Severity:       Remote code execution if connected to malicious server

Fixed:          NetBSD-current:     April 1, 2005
                NetBSD-3 branch:    April 8, 2005 (3.0 will include the fix)
                NetBSD-2.0 branch:  April 8, 2005 (2.0.3 includes the fix)
                NetBSD-2 branch:    April 8, 2005 (2.1 includes the fix)
                NetBSD-1.6 branch:  April 8, 2005

Abstract
========

The telnet client program in NetBSD, supporting MIT Kerberos 5
authentication, contains several buffer overflows that can be triggered
when connecting to a malicious telnet server. When exploited, these
overflows can lead to remote code execution.

Technical Details
=================

The slc_add_reply() and env_opt_add() functions in telnet.c perform
inadequate length checking.

slc_add_reply() may overflow a fixed-size data segment or BSS buffer
when receiving a maliciously crafted telnet LINEMODE suboption string.

env_opt_add() may overflow a heap buffer when receiving a maliciously
crafted telnet NEW-ENVIRON suboption string.

Both overflows may lead to arbitrary code execution.

CVE: CAN-2005-0468 and CAN-2005-0469

Solutions and Workarounds
=========================

There is no workaround to this problem. It is recommended that all
NetBSD users of affected versions upgrade their telnet binaries to a
non-vulnerable version.

The following instructions describe how to upgrade your telnet binaries
by updating your source tree and rebuilding and installing a new version
of telnet.

* NetBSD-current:

        Systems running NetBSD-current dated from before 2005-03-29
        should be ...

The third pkgsrc conference will be held on May 5-7, 2006 in Paris,
France. Universite Paris 7 - Denis Diderot is graciously hosting the
conference on their campus.

pkgsrcCon is a technical conference for people working on the NetBSD
Packages Collection (pkgsrc), focusing on existing technologies,
research projects, and works-in-progress in pkgsrc infrastructure.
Developers, contributors, and users are all welcome to attend, and to
share an excellent opportunity to gather and to discuss ideas
face-to-face on how to improve pkgsrc.

The conference schedule and list of presentations has been published:

http://www.pkgsrcCon.org/2006/schedule.html
http://www.pkgsrcCon.org/2006/presentations.html

To learn more about pkgsrcCon, please visit http://www.pkgsrcCon.org/.

-- 
Johnny Lam <jlam@pkgsrc.org>

-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2004-001
=================================

Topic:          Insufficient packet validation in racoon IKE daemon

Version:        NetBSD-current: source prior to January 17, 2004
                NetBSD 1.6.2:   not affected (fixed)
                NetBSD 1.6.1:   affected
                NetBSD 1.6:     affected
                NetBSD-1.5.*:   not affected (does not ship with racoon)
                pkgsrc:         packages prior to racoon-20040116a

Severity:       IPsec SA/ISAKMP SA may be deleted remotely by malicious
                third party

Fixed:          NetBSD-current:     January 17, 2004
                NetBSD-1.6 branch:  February 10, 2004 (1.6.2 includes the fix)
                pkgsrc:             racoon-20040116a corrects this issue

Abstract
========

NetBSD ships with the racoon(8) IKE (Internet Key Exchange) daemon. A
vulnerability was found in the code for packet validation of
"informational exchange" messages. By sending specifically-crafted IKE
packets, a malicious party could remove an IPsec SA (those visible via
setkey(8)) and/or ISAKMP SA (secret communication channel used for
communication between IKE daemons) on the victim node.

Exploits for this issue have been circulated publicly.

Technical Details
=================

http://www.securityfocus.com/archive/1/349756

Solutions and Workarounds
=========================

If you are not using IPSec, your system is not affected.

If you are not running the racoon(8) IKE daemon, your system is not
affected. However, we recommend you upgrade racoon so that you will not
experience problems if you enable it later.

If you are currently running racoon(8), you need to stop the old
instance of racoon(8) and run the new one.

The following instructions describe how to upgrade your racoon(8)
binaries by updating your source tree and rebuilding and installing a
new version of racoon(8).

* NetBSD-current:

        Systems running NetBSD-current dated from before 2004-01-16
        should be upgraded to NetBSD-current dated 2004-01-17 or later.

        The following directories need to be updated ...

Dear all,

ISC has announced a maintenance window for the connectivity of:

mail.NetBSD.org
www.NetBSD.org (aka gnats.NetBSD.org, aka releng.NetBSD.org)
ftp.NetBSD.org
anoncvs.NetBSD.org

June 4th, 0100-0400 UTC.

This maintenance window also affects other services hosted at ISC in San
Francisco and Redwood City.

We totally disinterestedly ( ;-) ) wish ISC the best of luck and success
with their planned work.

regards,
spz

The BSDCon 2003 Program Committee invites you to contribute original
and innovative papers on topics related to BSD-derived systems and
the Open Source world. Topics of interest include but are not limited
to:
* Embedded BSD application development and deployment
* Real world experiences using BSD systems
* Using BSD in a mixed OS environment
* Comparison with non-BSD operating systems; technical,
practical, licensing (GPL vs. BSD)
* Tracking open source development on non-BSD systems
* BSD on the desktop
* I/O subsystem and device driver development
* SMP and kernel threads
* Kernel enhancements
* Internet and networking services
* Security
* Performance analysis and tuning
* System administration
* Future of BSD
For more information about the BSDCon 2003 Call for Papers, visit:
http://www.usenix.org/events/bsdcon03/cfp/
Submissions in the form of extended abstracts are due by April 1, 2003.
Be sure to review the extended abstract expectations before submitting.
Selection will be based on the quality of the written submission and
whether the work is of interest to the community. For detailed author
guidelines, including sample extended abstracts and final papers
visit:
http://www.usenix.org/events/bsdcon03/cfp/guidelines.html
We look forward to receiving your submissions!
Sincerely,
Gregory Neil Shapiro
BSDCon 2003 Program Chair

On behalf of the NetBSD Release Engineering team, I'm happy to announce
the availability of NetBSD 2.1 RC5 for testing. (A security issue came
up shortly after RC4 was tagged, so it was never announced).

NetBSD 2.1 RC5 is available in the "daily builds" section of your local
FTP mirror (in the /pub/NetBSD-daily/netbsd-2-1-RC5 directory on most
mirrors), and we encourage you to test it out and report any bugs using
send-pr(1).

We anticipate that this will be the final release candidate for NetBSD
2.1, barring any major issues or security problems.

Here is a brief summary of changes from NetBSD 2.1_RC3 to 2.1_RC4:

- protect ipsec ioctls from negative offsets
- fix the 'postinstall' phase of sysinst
- update to tzdata2005m (includes US DST changes for 2007)
- Avoid an infinite loop in gzip decompressing invalid files
- Avoid panic trying to write files to msdosfs of 4GB or greater
- remove an unsafe /tmp file creation in X
- add a missing range check in FreeBSD compat code
- add missing bootxx_ffsv2 to amd64 bootfloppies
- Initialize CP0 pagemask register properly on mips
- make /usr/bin/which return a proper error indicator
- add freebsd_sched.c when building compat_freebsd as an LKM
- various minor sysinst fixes and language improvements
- fixes for the sk(4) driver to make dhclient work better
- kqueue: EOF on pipe gains no EVFILT_READ event - fix
- Update the OpenBlockS266 support

Here is a brief summary of changes from NetBSD 2.1_RC4 to 2.1_RC5:

- fix security hole reported in CAN-2005-2495
