NEW: FreeBSD Security Notices


Historically, FreeBSD Security Advisories have been used to report
security issues found in the base system, and high-risk issues related
to third-party applications available in the Ports Collection.

The FreeBSD Security Officer Team will now be issuing Security Notices
in addition to Security Advisories.  While Security Advisories will
continue to be the team's focus, the Security Notices will provide a
channel for communicating issues that have been previously publicized.
In particular, problems reported with applications in the Ports
Collection that are not FreeBSD-specific are likely to be reported in
a Security Notice.  FreeBSD makes no claim about the security of these
third-party applications.

We expect that this will allow the FreeBSD Security Officer Team to
cover more issues --- especially in third-party software --- in a more
timely fashion, while reserving full Security Advisories for problems
in FreeBSD itself or that only affect FreeBSD.

The FreeBSD Security Officer Team.


FreeBSD Security Notice FreeBSD-SN-02:01

FreeBSD-SN-02:01                                              Security Notice
                                                                FreeBSD, Inc.

Topic:          security issues in ports
Announced:      2002-03-30

I.   Introduction

Several ports in the FreeBSD Ports Collection are affected by security
issues.  These are listed below with references and affected versions.
All versions given refer to the FreeBSD port/package version numbers.

These ports are not installed by default, nor are they ``part of
FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
third-party applications in a ready-to-install format.  FreeBSD makes
no claim about the security of these third-party applications.  See
<URL:http://www.freebsd.org/ports/> for more information about the
FreeBSD Ports Collection.

II.  Ports

Port name:      acroread, acroread-chsfont, acroread-chtfont,
                  acroread-commfont, acroread4, linux-mozilla,
                  linux-netscape6, linux_base, linux_base-7
Affected:       versions < linux_base-6.1_1 (linux_base port)
                versions < linux_base-7.1_2 (linux_base-7 port)
                versions < linux_mozilla-0.9.9_1
(Continue reading)

Murray Stokely | 9 Apr 00:05 2002

FreeBSD 5.0 Developer Preview #1 Now Available

A Developer Preview release of FreeBSD 5.0-CURRENT is now available
for widespread testing.  This preview is a significant milestone
towards the eventual release of FreeBSD 5.0 in late 2002.  Some of the
many new features that are available in this snapshot are listed below:

    * SMP support has been largely reworked, incorporating code from
      BSD/OS 5.0 (in progress).

    * The random(4) device has been rewritten to use the Yarrow
      algorithm.  It harvests entropy from a variety of interrupt
      sources (hardware devices) to provide the entropy required by
      strong cryptography.

    * Support for 32-bit Cardbus devices has been added for mobile
      computers (NEWCARD).

    * Significant security enhancements have been made throughout the
      system, including a reworked PAM implementation, ACLs, and fewer
      privileged programs in the base system.

    * An implementation of scheduler activations has been added to
      the kernel to more efficiently handle multi-threaded
      programs (in progress).

    * A device filesystem has been added to allow entries in the /dev
      directory to be automatically attached.  Among other benefits,
      devfs provides better support for attaching and detaching
      peripheral devices.

(Continue reading)

FreeBSD Security Advisories | 16 Apr 23:03 2002

FreeBSD Security Advisory FreeBSD-SA-02:20.syncache

FreeBSD-SA-02:20                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          syncache/syncookies denial of service

Category:       core
Module:         net
Announced:      2002-04-16
Credits:        Alan Judge <Alan.Judge <at> eircom.net>
                Dima Ruban <dima <at> FreeBSD.org>
Affects:        FreeBSD 4.5-RELEASE
                FreeBSD 4.4-STABLE after 2001-12-14 19:53:01 UTC
                FreeBSD 4.5-STABLE prior to the correction date
Corrected:      2002-02-20 16:48:49 UTC (RELENG_4)
                2002-02-21 16:38:39 UTC (RELENG_4_5, 4.5-RELEASE-p1)
FreeBSD only:   YES

I.   Background

The SYN cache ("syncache") and SYN cookie mechanism ("syncookie") are
features of the TCP/IP stack intended to improve resistance to a class
of denial of service attacks known as SYN floods.

II.  Problem Description

Two related problems with syncache were triggered when syncookies were

(Continue reading)

FreeBSD Security Advisories | 17 Apr 21:23 2002

FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip

FreeBSD-SA-02:21.tcpip                                      Security Advisory
                                                                FreeBSD, Inc.

Topic:          routing table memory leak

Category:       core
Module:         net
Announced:      2002-04-17
Credits:        Jayanth Vijayaraghavan <jayanth <at> FreeBSD.org>
                Ruslan Ermilov <ru <at> FreeBSD.org>
Affects:        FreeBSD 4.5-RELEASE
                FreeBSD 4-STABLE after 2001-12-07 09:23:11 UTC
                    and prior to the correction date
Corrected:      2002-03-22 16:54:19 UTC (RELENG_4)
                2002-04-15 17:12:08 UTC (RELENG_4_5)
FreeBSD only:   YES

I.   Background

The TCP/IP stack's routing table records information about how to
reach various destinations.  The first time a TCP connection is
established with a particular host, a so-called "cloned route" entry
for that host is automatically derived from one of the predefined
routes and added to the table.  Each entry has a reference count that
indicates how many existing connections use that entry; when the
reference count reaches zero, the entry is removed from the table.

II.  Problem Description
(Continue reading)

FreeBSD Security Advisories | 18 Apr 20:25 2002

FreeBSD Security Advisory FreeBSD-SA-02:18.zlib [REVISED]

FreeBSD-SA-02:18                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          zlib double-free

Category:       core, ports
Module:         zlib
Announced:      2002-03-18
Credits:        Matthias Clasen <maclas <at> gmx.de>
                Owen Taylor <otaylor <at> redhat.com>
Affects:        All released versions of FreeBSD
                FreeBSD 4.5-STABLE prior to the correction date
                Various ports using or including zlib
Corrected:      2002-02-24 23:12:48 UTC (RELENG_4)
                2002-02-24 23:22:57 UTC (RELENG_4_5)
                2002-02-24 23:23:58 UTC (RELENG_4_4)
                2002-02-24 23:24:46 UTC (RELENG_4_3)
CVE:            CAN-2002-0059
FreeBSD only:   NO

0.   Revision History

v1.0  2002-04-20  Initial release
v1.1  2002-04-25  Corrected ZFREE location in kernel patch
                  Corrected deflate window size check

I.   Background

(Continue reading)

Chris Coleman | 19 Apr 02:12 2002

Promote BSD and Share the Wealth

Daemon News is offering a new incentive program to help get the 
community more involved with the promotion of BSD.

We know that the more BSD "stuff" we get out to people, the more people
will use BSD.  To spread the word and get the products out there, we've
put together two programs that allow the BSD community to get involved.  
Sales of these products help promote BSD by supporting Daemon News 
programs and services, helping other BSD-related companies like Wasabi 
and FreeBSD Systems, and, for OSes, monetary donations to the 
projects' foundations.

Here are the two programs, one for everyone and a special offer for web
site authors/owners:

  1) Website owners can place links to bsdmall.com promoting BSD products
     and earn 5% of all sales generated from those links.

     It is extremely easy to get started promoting BSD stuff.  Contact 
     us and we will send you a trackable link that you can use on all your 
     web sites to promote BSD products.  You will instantly earn credit 
     that you can use on bsdmall.com or have an option to cash out.

  2) Community members can request BSD products to be listed at retail
     stores and we will give you a BSD Mall gift certificate for each 
     store that places an order.

     Contact your local retail, computer, or campus bookstore and request 
     that they stock BSD products.  Then, e-mail us with the list of places 
     that you have contacted.  Details on what to tell them can be found 
(Continue reading)

FreeBSD Security Advisories | 22 Apr 20:01 2002

FreeBSD Security Advisory FreeBSD-SA-02:23.stdio

FreeBSD-SA-02:23.stdio                                      Security Advisory
                                                          The FreeBSD Project

Topic:          insecure handling of stdio file descriptors

Category:       core
Module:         kernel
Announced:      2002-04-22
Credits:        Joost Pol <joost <at> pine.nl>
Affects:        All releases of FreeBSD up to and including 4.5-RELEASE
                4.5-STABLE prior to the correction date
Corrected:      2002-04-21 13:06:45 UTC (RELENG_4)
                2002-04-21 13:08:57 UTC (RELENG_4_5)
                2002-04-21 13:10:51 UTC (RELENG_4_4)
FreeBSD only:   NO

I.   Background

By convention, POSIX systems associate file descriptors 0, 1, and 2
with standard input, standard output, and standard error,
respectively.  Almost all applications give these stdio file
descriptors special significance, such as writing error messages to
standard error (file descriptor 2).

In new processes, all file descriptors are duplicated from the parent
process.  Unless these descriptors are marked close-on-exec, they
retain their state during an exec.

(Continue reading)
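The background section above rests on two facts about descriptors: a program cannot assume 0, 1 and 2 are open when it starts, and whatever the parent left open is inherited across exec unless it carries FD_CLOEXEC. The following C program is an added illustration, not code from the advisory or from FreeBSD; the function names are my own, and it assumes a POSIX system with /dev/null. It shows how to test both properties with fcntl(2), and the defensive habit of filling any closed stdio descriptor with /dev/null before doing anything else, which works because open(2) always returns the lowest free descriptor.

```c
/* Added example, not part of the FreeBSD advisory.
 * Assumes POSIX fcntl/open semantics and that /dev/null exists. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if fd refers to an open file, 0 if it does not (EBADF),
 * -1 on any other error. */
int fd_is_open(int fd)
{
    if (fcntl(fd, F_GETFD) != -1)
        return 1;
    return errno == EBADF ? 0 : -1;
}

/* Returns 1 if a program we exec would inherit fd (FD_CLOEXEC is clear),
 * 0 if the kernel will close it during exec, -1 if fd is not open. */
int fd_survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Mark fd close-on-exec so that an exec'd program never sees it. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Make sure descriptors 0, 1 and 2 are open.  Each closed one is filled
 * with /dev/null; walking upwards and relying on open(2) returning the
 * lowest free descriptor guarantees the hole itself is what gets filled.
 * Returns how many descriptors had to be filled, or -1 on failure. */
int ensure_std_fds_open(void)
{
    int filled = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd) == 1)
            continue;
        int nfd = open("/dev/null", fd == STDIN_FILENO ? O_RDONLY : O_WRONLY);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {            /* cannot happen if lower fds are open */
            close(nfd);
            return -1;
        }
        filled++;
    }
    return filled;
}

int main(void)
{
    int filled = ensure_std_fds_open();
    printf("stdio descriptors filled with /dev/null: %d\n", filled);
    printf("stdout inherited by an exec'd program: %d\n",
           fd_survives_exec(STDOUT_FILENO));
    return 0;
}
```

Calling ensure_std_fds_open() first thing in a privileged program is the userland counterpart of the kernel-side fix; the FD_CLOEXEC helpers show why a descriptor the parent forgot to close is visible to every program the process execs.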