10 years of pkgsrc - the interviews

Previous thread: Summary of Changes to the NetBSD Packages Collection in June 2002 by Alistair Crooks on Thursday, July 25, 2002 - 12:08 pm. (14 messages)

Next thread: OpenBSD moderation removal by Christos Zoulas on Tuesday, July 30, 2002 - 10:54 am. (13 messages)
Date: Thursday, February 27, 2003 - 8:07 am

As you may know, the port of NetBSD to AMD x86-64 machines (Opteron
and Athlon64) has existed for a while. Now that the time is
getting closer that x86-64 hardware will be publicly available,
interest in NetBSD/x86_64 is increasing. So it's about time it
had its own mailing list, like other NetBSD ports do.

The mailing list is called port-x86_64, and is accessible through
the majordomo mailing list software on netbsd.org. See
http://www.netbsd.org/MailingLists/ for more information on the
NetBSD mailing lists.

- Frank
(NetBSD/x86_64 port maintainer)

To: <netbsd-announce@...>
Date: Sunday, August 2, 2009 - 4:48 pm

On behalf of the NetBSD developers, I am pleased to announce that
NetBSD 5.0.1 is now available for download. NetBSD 5.0.1 is the first
security/critical update of the NetBSD 5.0 release branch. It represents
a selected subset of fixes deemed critical in nature for security or
stability reasons. All users are encouraged to upgrade.

Please note that due to changes in pkg_install, users upgrading from
previous releases are strongly encouraged to run "pkg_admin rebuild"
after the upgrade is complete.

For full details, please see the release notes at:

http://www.NetBSD.org/releases/formal-5/NetBSD-5.0.1.html

ISO images can be downloaded using BitTorrent, and we encourage users
who wish to install via ISO images to take advantage of this, as the
images are well seeded.

http://www.NetBSD.org/mirrors/torrents/

Complete source and binaries for NetBSD 5.0.1 are available for download
at many sites around the world. A list of download sites providing FTP,
AnonCVS, and other services may be found at:

http://www.NetBSD.org/mirrors/

We are very grateful to all of those who donated during the 2007 fund
drive, which brought us many of the great advances made in the last two
years. We would like to remind everyone that we are in the middle of
a fund drive with a target of 60,000 USD by the end of the year. For
more information on how you can help NetBSD reach this goal, see

http://www.NetBSD.org/donations/

The NetBSD Foundation would like to thank all those who have
contributed code, hardware, documentation, funds, colocation for our
servers, web pages and other documentation, release engineering, and
other resources over the years. More information on the people who
make NetBSD happen is available at:

http://www.NetBSD.org/people/

We would like to especially thank the University of California at
Berkeley and the GNU Project for particularly large subsets of code
that we use. We would also like to thank the Internet Systems
Consortium Inc., the Netw...


-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2003-010
=================================

Topic: remote panic in OSI networking code

Version: NetBSD-current: source prior to May 26, 2003
NetBSD 1.6.1: affected
NetBSD 1.6: affected
NetBSD-1.5.3: affected
NetBSD-1.5.2: affected
NetBSD-1.5.1: affected
NetBSD-1.5: affected

Severity: remote system crash possible on OSI connected systems

Fixed: NetBSD-current: May 26, 2003
NetBSD-1.6 branch: May 26, 2003 (1.6.2 will include the fix)
NetBSD-1.5 branch: May 28, 2003

Abstract
========

It is possible to crash an OSI connected system remotely by sending it
a carefully prepared OSI networking packet.

Technical Details
=================

The OSI networking kernel (sys/netiso) contains a function that sends
error indications to the sender of an OSI packet in certain error
conditions. This function prepares its own packet header mbuf, but was
never converted to use a "PKTHDR" mbuf as has been required by the
BSD networking stack for a long time.

Networking drivers sending a packet prepared in this way will either
panic complaining about this condition (if the kernel was compiled
with "options DEBUG") or crash in erratic ways (if they try to use
the invalid information in a header mbuf not containing the pkthdr
fields).

Solutions and Workarounds
=========================

How to determine if your system is vulnerable:

OSI is not a commonly used network stack, and most NetBSD users will not
be affected by this advisory. If 'ifconfig -a | grep iso' does not show
iso addresses assigned on any interface, the system is not vulnerable.

Any system with the abovementioned kernel date that has OSI addresses
configured is vulnerable.

Workaround: don't configure OSI addresses onto your system, or disable
any OSI addresses configured, or configure and boot a kernel without
``options OSI''. This will disable any OSI communications.

The following instructions describe how ...

To: <netbsd-announce@...>
Date: Wednesday, October 17, 2007 - 10:26 am

10 years ago - on October 3rd 1997 - the pkgsrc software management system
was created by Alistair Crooks and Hubert Feyrer. pkgsrc, the NetBSD
Packages Collection, was primarily intended as a packaging system for NetBSD.
Derived from the FreeBSD Ports system, pkgsrc became a success story.
Today, pkgsrc is a cross-platform framework, running on the BSDs, Linux,
Solaris, Mac OS X, many Unix derivatives and even on Windows.

We continue the anniversary celebrations with a series of interviews:
developers and users of pkgsrc and of related systems give insights into
the history, the concepts, the problems and the future directions of
packaging systems:

http://www.NetBSD.org/gallery/10years.html

I wish to thank all participants:

Christoph Badura, Alistair Crooks, Marc Espie, Hubert Feyrer, Jordan K.
Hubbard, Erwin Lansing, James K. Lowden and Joerg Sonnenberger!

Best regards, Mark Weinem

To: NetBSD Announcements <netbsd-announce@...>
Date: Tuesday, June 23, 2009 - 4:50 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2009-001
=================================

Topic: PF firewall remote Denial Of Service attack

Version: NetBSD-current: affected
NetBSD 5.0: not affected
NetBSD 4.0.*: not affected
NetBSD 4.0: not affected
NetBSD 3.1.*: not affected
NetBSD 3.1: not affected
NetBSD 3.0.*: not affected
NetBSD 3.0: not affected

Severity: Denial of service

Fixed: NetBSD-current: April 14, 2009
NetBSD-5 branch: April 14, 2009
(5.0 includes the fix)

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

PF firewalls suffer from a remote denial of service attack (system
panic) due to mishandling of some ICMP and ICMPV6 packets.

Technical Details
=================

When a PF firewall using nat or rdr receives a specially crafted
packet, a null pointer dereference causes a kernel panic.

In pf_test_rule() ICMP logic was implied for IPv6 packets and ICMPv6 logic
was implied for IPv4 packets. The wrong ICMP header length is used and an
assertion fails due to the attempt to access unallocated memory.

See also:
http://www.securityfocus.com/archive/1/502634
http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt

Solutions and Workarounds
=========================

Only kernels compiled with the following option are vulnerable to this issue:

pseudo-device pf

As a temporary workaround recompile the kernel with the above option
commented out. The default NetBSD GENERIC kernels do not have this
option enabled. In addition to this the system must be running
with nat and/or rdr rules present in the active ruleset.

An additional workaround can be to add the following rules to your
/etc/pf.conf configuration file:

nat/rdr ... inet proto { tcp udp icmp } ...
nat/rdr ... inet6 proto { tcp udp icmp6 } ...

For all NetBSD versions, you need to...


-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2004-002
=================================

Topic: Inconsistent IPv6 path MTU discovery handling

Version: NetBSD-current: source prior to February 5, 2004
NetBSD 1.6.2: not affected (fixed)
NetBSD 1.6.1: affected
NetBSD 1.6: affected
NetBSD-1.5.x: not affected

Severity: Remote kernel panic could be possible

Fixed: NetBSD-current: February 5, 2004
NetBSD-1.6 branch: February 9, 2004 (1.6.2 includes the fix)
NetBSD-1.5 branch: not affected

Abstract
========

A malicious party can cause a remote kernel panic by using ICMPv6 "too
big" messages.

Technical Details
=================

Once a specially-crafted ICMPv6 "too big" message is sent to a victim
node, a routing table entry with a small path-MTU is installed.

The victim system may later experience a kernel panic (due to a kernel
stack overflow) if a TCP session that uses the routing table entry is
later established.

For further details, see:

http://www.guninski.com/obsdmtu.html

Solutions and Workarounds
=========================

The default NetBSD kernels (GENERIC*) ship with IPv6 compiled in. If
you are using a kernel without IPv6, your system is not affected.
Kernels with the "options INET6" line removed, or commented out, from
the kernel configuration file do not include IPv6.

Additionally, an attacker requires IPv6 connectivity to the host to
send the packets that exploit this vulnerability. Note, however, that
systems without external IPv6 routed connectivity may still be exposed
via LAN or similar connections, where neighbouring systems can send
IPv6 packets to the node. This potentially includes shared external
segments and wireless networks.

The following instructions describe how to upgrade your kernel by
updating your source tree and rebuilding and installing a new version
of the kernel. After replacing the kernel, a reboot is necessary.

* NetBSD-current:

Systems running NetBSD-curre...
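The advisory above describes an ICMPv6 "too big" message installing a small path MTU that later triggers a kernel panic. As an added illustration of the defender-side sanity check a receiver can apply, the following C program (written for this page, not code from NetBSD or the advisory, and not NetBSD's actual fix) parses a constructed ICMPv6 Packet Too Big header and refuses to install any advertised MTU below the IPv6 minimum of 1280 bytes or one that is not actually a decrease. The function names, the policy in pmtu_to_install() and the sample messages are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ICMP6_PACKET_TOO_BIG 2    /* ICMPv6 type (RFC 4443) */
#define IPV6_MMTU            1280 /* IPv6 minimum link MTU (RFC 2460) */

/* Parse the ICMPv6 header of a Packet Too Big message:
 *   byte 0: type, byte 1: code, bytes 2-3: checksum, bytes 4-7: MTU.
 * Returns 0 and stores the MTU on success, -1 if the message is not a
 * well-formed Packet Too Big message. The checksum is not verified here. */
int parse_too_big(const uint8_t *msg, size_t len, uint32_t *mtu)
{
    if (msg == NULL || len < 8)
        return -1;
    if (msg[0] != ICMP6_PACKET_TOO_BIG || msg[1] != 0)
        return -1;
    *mtu = ((uint32_t)msg[4] << 24) | ((uint32_t)msg[5] << 16) |
           ((uint32_t)msg[6] << 8)  |  (uint32_t)msg[7];
    return 0;
}

/* Hypothetical receiver policy (assumed for this example, not NetBSD's
 * fix): only install a path MTU that is at least the IPv6 minimum and
 * smaller than the MTU currently recorded for the route.
 * Returns the MTU to install, or 0 to ignore the message. */
uint32_t pmtu_to_install(const uint8_t *msg, size_t len, uint32_t current)
{
    uint32_t advertised;

    if (parse_too_big(msg, len, &advertised) != 0)
        return 0;
    if (advertised < IPV6_MMTU)     /* below minimum: cannot be genuine */
        return 0;
    if (advertised >= current)      /* not a decrease: nothing to do */
        return 0;
    return advertised;
}

/* Build a constructed (sample) Packet Too Big header carrying the given MTU. */
void build_too_big(uint8_t out[8], uint32_t mtu)
{
    memset(out, 0, 8);
    out[0] = ICMP6_PACKET_TOO_BIG;
    out[4] = (uint8_t)(mtu >> 24);
    out[5] = (uint8_t)(mtu >> 16);
    out[6] = (uint8_t)(mtu >> 8);
    out[7] = (uint8_t)mtu;
}

int main(void)
{
    uint8_t msg[8];
    uint32_t mtus[] = { 1400, 1280, 576, 9000 };  /* constructed inputs */

    for (size_t i = 0; i < sizeof(mtus) / sizeof(mtus[0]); i++) {
        build_too_big(msg, mtus[i]);
        printf("advertised %u -> install %u\n", (unsigned)mtus[i],
               (unsigned)pmtu_to_install(msg, sizeof(msg), 1500));
    }
    return 0;
}
```

With a current route MTU of 1500, the program installs 1400 and 1280, and ignores 576 (below the IPv6 minimum), 9000 (not a decrease), truncated messages, and messages of the wrong ICMPv6 type.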

Date: Friday, January 14, 2005 - 4:19 pm

Hello,

We are pleased to announce that the anonymous cvs service is
working again.

We'd like to thank S. P. Zeidler, Tracy Di Marco White, Jason
Thorpe, and Thor Lancelot Simon for their work in testing the
hardware, determining the cause of the corruption, and replacing
the raid controller which ended up being the cause of the problem.

In addition, we'd also like to thank everyone for their offers to
help and for their patience while we investigated and repaired the
cause of the corruption.

Finally we'd like to take this opportunity to ask those who benefit
from this service or any of the other services that we offer to
consider donating to improve the reliability of our services.

Please see http://www.netbsd.org/donations/ for ways to contribute.

Best Regards,

Christos Zoulas

On behalf of the NetBSD Systems Administration Executive Committee.

Date: Monday, September 26, 2005 - 5:44 pm

The pkgsrc-2005Q3 Branch
========================

The pkgsrc developers are very proud to announce the new pkgsrc-2005Q3
branch, which has support for more packages than previous branches.
As well as updated versions of many packages, the infrastructure of
pkgsrc itself has been improved for better platform and compiler
support, and also for enhanced security.

At the same time, the pkgsrc-2005Q2 branch has been deprecated, and
continuing engineering starts on the pkgsrc-2005Q3 branch.

Some highlights of the new pkgsrc-2005Q3 branch are:

+ many, many packages have been updated to newer versions, to take
advantage of fixes and improved functionality. This includes

+ firefox-1.0.7
+ gnome-2.10.2
+ kde-3.4.2
+ opera-8.5
+ perl-5.8.7
+ postgresql 8.0
+ the addition of some pertinent bright, shiny packages such
as jalbum, spamd, archangel, freefont-ttf, cvm, js, ucon64,
pwsafe, luma, nss_ldap, ghostscript-afpl, lighttpd, dejavu-ttf
+ more of Johnny Lam's infrastructure changes
+ Krister Walfridsson's cross-package work, which allows the
building of packages on different platforms

The full list of platforms supported by pkgsrc is: AIX, BSD/OS,
Darwin (MacOS X), DragonFly, FreeBSD, IRIX, Interix, Linux, NetBSD,
OSF1, OpenBSD, SunOS (Solaris), and UnixWare. We would like to add
support for more - please get in touch if you, too, are interested.

Our thanks also to the Dragonfly BSD project for adopting pkgsrc as
their packaging system - this is the first pkgsrc branch since that
announcement, and we have brought on board some Dragonfly developers
specifically to look after issues related to that platform.

+ removed some older, unmaintained or vulnerable packages, such as
realplayer, cxunzip, yamt, evolution12, gtksamba, gdm1, prc-tools,
palmos-includes, and winelib.

+ continuing engineering on the "stable" branches of pkgsrc has been
much improved, and our thanks to the pkgsrc releng team for all the
hard work they do in sanity checking pull...


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2005-005
=================================

Topic: cgd(4) key destruction on unconfigure

Version: NetBSD-current: source prior to March 19, 2005
NetBSD 2.1: not affected
NetBSD 2.0.3: not affected
NetBSD 2.0.2: not affected
NetBSD 2.0: affected
NetBSD 1.6.*: not affected

Severity: possible key compromise

Fixed: NetBSD-current: March 19, 2005
NetBSD-3 branch: March 19, 2005
(3.0 will include the fix)
NetBSD-2.0 branch: March 20, 2005
(2.0.2 includes the fix)
NetBSD-2 branch: March 20, 2005
(2.1 includes the fix)

Abstract
========

When a cgd(4) pseudo-device is unconfigured, the driver does not clear
memory containing key material before freeing it back to other kernel
use. A process may later allocate kernel memory and receive chunks
with data previously used by the cgd driver which may contain
encryption keys.

Technical Details
=================

The cgd(4) pseudo-device provides an encrypted virtual disk, layered
on top of other disk device drivers. The encryption is done in
software, with cryptographic keys configured and supplied to the
kernel via the cgdconfig(8) program, and stored in the kernel for the
lifetime of the pseudo-device.

With any such software-based encryption scheme, there is a risk of key
disclosure via examination of kernel memory. This is inherent in the
need for the kernel to perform cryptographic operations, and
unavoidable while the disk must be accessible to user processes.

A cgd(4) device can be unconfigured, which removes the in-kernel
configuration structures and prevents any further access to the
decrypted contents of the disk via the cgd(4) driver until the key is
re-entered. However, the structures containing key material were
freed back to the kernel memory pool without having their contents
erased first. It was therefore possible that key material could still
be present in kernel memory after th...
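The cgd(4) advisory above turns on one pattern: a structure holding key material is handed back to the allocator without being cleared first. The following C program is an added example written for this page (not the cgd driver's code, and it does not reproduce NetBSD's structures) that shows the unsafe release beside the fixed one. The struct cgd_key type, the function names and the sample key bytes are assumptions made for the example; the wipe goes through a volatile pointer so the compiler cannot discard the zeroing stores as dead because the memory is freed immediately afterwards.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for a driver's per-device key state; the real
 * cgd(4) structures are not reproduced here. */
struct cgd_key {
    size_t  len;
    uint8_t bytes[64];
};

/* Zero a buffer through a volatile pointer so the stores survive
 * dead-store elimination even when the buffer is freed right after. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--)
        *vp++ = 0;
}

/* Count non-zero bytes: used to check whether a wipe actually happened. */
size_t nonzero_bytes(const uint8_t *p, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0)
            count++;
    return count;
}

/* The pattern the advisory describes: the structure is released without
 * clearing the key. Returns the number of non-zero key bytes still in
 * place at the moment of release, i.e. what a later allocation that
 * receives this memory could observe. */
size_t unconfigure_insecure(struct cgd_key *k)
{
    size_t leaked = nonzero_bytes(k->bytes, k->len);
    free(k);              /* key material left intact in freed memory */
    return leaked;
}

/* Fixed pattern: wipe the key material, then release the structure. */
size_t unconfigure_secure(struct cgd_key *k)
{
    secure_wipe(k->bytes, sizeof(k->bytes));
    size_t remaining = nonzero_bytes(k->bytes, sizeof(k->bytes));
    free(k);
    return remaining;     /* 0: nothing left for a later allocation to find */
}

/* Allocate a key structure filled with a constructed sample key
 * (not a real key; every byte is non-zero so a missed wipe is visible). */
struct cgd_key *make_key(void)
{
    struct cgd_key *k = calloc(1, sizeof(*k));
    if (k == NULL)
        return NULL;
    k->len = 32;
    for (size_t i = 0; i < k->len; i++)
        k->bytes[i] = (uint8_t)(0xA5 ^ i);
    return k;
}

int main(void)
{
    struct cgd_key *k = make_key();
    if (k == NULL)
        return 1;
    printf("insecure release leaves %zu key bytes\n", unconfigure_insecure(k));
    k = make_key();
    if (k == NULL)
        return 1;
    printf("secure release leaves %zu key bytes\n", unconfigure_secure(k));
    return 0;
}
```

On NetBSD the same effect is available from libc as explicit_memset(3); the volatile loop is used here only so the example stays portable.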

To: <netbsd-announce@...>
Date: Monday, April 21, 2008 - 6:27 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2008-005
=================================

Topic: OpenSSH Multiple issues

Version: NetBSD-current: affected
NetBSD 4.0: affected
NetBSD 3.1.*: affected
NetBSD 3.1: affected
NetBSD 3.0: affected
NetBSD 3.0.*: affected

Severity: ForceCommand bypass and X11 session hijacking

Fixed: NetBSD-current: April 05, 2008
NetBSD-4 branch: April 07, 2008
(4.1 will include the fix)
NetBSD-4-0 branch: April 07, 2008
(4.0.1 will include the fix)
NetBSD-3-1 branch: April 08, 2008
(3.1.2 will include the fix)
NetBSD-3-0 branch: April 08, 2008
(3.0.4 will include the fix)
NetBSD-3 branch: April 08, 2008
(3.2 will include the fix)
pkgsrc: openssh-4.7.1nb3 corrects the issue

Abstract
========

Two issues have been found with the version of OpenSSH that ships
with NetBSD 3.x, NetBSD 4.x and NetBSD-current. The two known security
issues include X11 session hijacking and a bypass of the ForceCommand
directive.

These vulnerabilities have been assigned CVE-2008-1483 for the X11 session
hijacking and CVE-2008-1657 for the ForceCommand bypass.

Technical Details
=================

The ForceCommand sshd_config(5) directive can be bypassed by authenticated
users by utilising the processing of the ~/.ssh/rc file. The ForceCommand
directive was introduced in OpenSSH 4.4; as such, only NetBSD-current and
NetBSD-4 are impacted by this issue.

OpenSSH 4.9 introduced a no-user-rc option to the AuthorizedKeys file
for blocking the processing of user ~/.ssh/rc files. This has been
introduced in all NetBSD branches and documented in the sshd(8) man page.

The second issue allows local users to hijack forwarded X11 sessions of
other users.

Solutions and Workarounds
=========================

It is recommended that NetBSD users of vulnerable versions update
their binaries.

The following instructions describe how to upgrade your OpenSSH
binaries ...

Date: Tuesday, May 16, 2006 - 12:58 pm

In keeping with NetBSD's policy of maintaining only the current (3.x) and
most recent (2.x) release branches, the release of NetBSD 3.0 marks the
end-of-life for NetBSD 1.6. This means that the netbsd-1-6 branch will no
longer be actively maintained.

For example:

- In contrast to earlier plans there will be no NetBSD 1.6.3 release.
This plan was dropped due to incomplete cross build support in the
"netbsd-1-6" branch and lack of man power.
- There will be no more pullups to the branch (even for security issues)
- There will be no security advisories made for 1.6
- The current 1.6 releases on ftp.netbsd.org will be moved into
/pub/NetBSD-archive

On behalf of the NetBSD Release Engineering team

Matthias Scheler

Date: Friday, July 26, 2002 - 6:56 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As many of you know, we are in the process of upgrading several
project machines. So far, we have upgraded the anonymous CVS server
and FTP server to machines that can handle the capacity needed for
the 1.6 and 1.5.3 releases.

The hardware isn't cheap, and we're asking for donations to The NetBSD
Foundation to help offset this cost, and hope to raise enough for
other project machines to be upgraded as well.

Our target is $10,000 USD. Over 60% of this goes to the public
servers. The remainder will be used for other upgrades and
replacements as needed.

There are several ways to send us payments:

A check written out to "The NetBSD Foundation."

Please mail checks to:

The NetBSD Foundation, Inc.
235 W48th Street, Apt 22A
New York, NY 10036
USA

We can also accept paypal transfers to paypal@netbsd.org

Please note that TNF is not yet a 501(c)(3) charity. We are working on
changing that but until then, donations are not tax deductible.

- --Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (NetBSD)
Comment: See http://www.flame.org/~explorer/pgp for my keys

iD8DBQE9QdOql6Nz7kJWYWYRApueAJ93gitNYsVlWFYCVqHCGgutO1TUiQCfT7M3
BaqJfDPaos9RaCYf/3Mv2BQ=
=ONoN
-----END PGP SIGNATURE-----


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2006-021
=================================

Topic: Integer overflows in CID-keyed font parser

Version: NetBSD-current: source prior to September 13, 2006
NetBSD 4.0_BETA: affected
NetBSD 3.1_RC3: not affected
NetBSD 3.0.*: affected
NetBSD 3.0: affected
NetBSD 2.1: affected
NetBSD 2.0.*: affected
NetBSD 2.0: affected
pkgsrc: xorg-libs-6.9.0nb8 and earlier
XFree86-libs-4.4.0nb8 and earlier

Severity: Potential privilege escalation

Fixed: NetBSD-current: September 13, 2006
NetBSD-4 branch: September 16, 2006
(4.0 will include the fix)
NetBSD-3-0 branch: September 16, 2006
(3.0.2 will include the fix)
NetBSD-3 branch: September 16, 2006
(3.1 will include the fix)
NetBSD-2-1 branch: September 18, 2006
NetBSD-2-0 branch: September 18, 2006
NetBSD-2 branch: September 18, 2006
pkgsrc: xorg-libs-6.9.0nb9 corrects the issue
XFree86-libs-4.4.0nb9 corrects the issue

Abstract
========

There are integer overflows present in the CID-keys font parser as
supplied with both XFree86 and X11R7.0. This can potentially lead
to arbitrary code execution. These vulnerabilities can be triggered
by a user parsing untrusted CID encoded Type 1 fonts.

These vulnerabilities have been assigned CVE references CVE-2006-3739
and CVE-2006-3740.

Technical Details
=================

There are two separate integer overflows that are present:

* scan_cidfont() function when handling 'CMap' and 'CIDFont' font data.
* CIDAFM() function when handling AFM (Adobe Font Metric) files

Both vulnerabilities can potentially lead to arbitrary code execution.

Solutions and Workarounds
=========================

While X11R7.0 from X.Org is in both the HEAD and netbsd-4 branches it
is currently not integrated fully into the base distribution. No NetBSD
releases contain X11R7.0 binaries and as such it is not necessary to
rebuild anything from sourc...

To: <netbsd-announce@...>
Date: Monday, October 27, 2008 - 6:44 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2008-013
=================================

Topic: IPv6 Neighbor Discovery Protocol

Version: NetBSD-current: affected
NetBSD 4.0.*: not affected
NetBSD 4.0: affected
NetBSD 3.1.*: affected
NetBSD 3.1: affected
NetBSD 3.0.*: affected
NetBSD 3.0: affected

Severity: Denial of service

Fixed: NetBSD-current: July 31, 2008
NetBSD-4-0 branch: October 03, 2008
(4.0.1 includes the fix)
NetBSD-4 branch: October 03, 2008
(4.1 will include the fix)
NetBSD-3-1 branch: October 03, 2008
(3.1.2 will include the fix)
NetBSD-3-0 branch: October 03, 2008
(3.0.4 will include the fix)
NetBSD-3 branch: October 03, 2008
(3.2 will include the fix)

Abstract
========

An attacker may be able to forge IPv6 routing entries to intercept network
traffic or cause a denial of service attack.

This vulnerability has been assigned CVE-2008-2476 and CERT
Vulnerability Note VU#472363.

Technical Details
=================

An attacker on a local network (i.e. the messages will not be forwarded by
routers) can send an ICMPv6 neighbor solicitation message to a router which
will result in a modification of the victim's routing information. It may then
be possible for the attacker to intercept network traffic or cause a denial
of service.

Solutions and Workarounds
=========================

Only kernels compiled with the following option are vulnerable to this issue:

options INET6

As a temporary workaround recompile the kernel with the above option
commented out. The default NetBSD GENERIC kernels have this
option enabled.

In addition to this, the following workarounds may also be used:

* Use application level encryption (e.g. SSH, HTTPS) to protect sensitive
network traffic.
* Use network firewalls to block any malicious ICMPv6 neighbor solicitation
messages.

For all NetBSD versions, you need to obtain fixed kernel sources,
rebuild and inst...
