FreeBSD Security Advisory FreeBSD-SA-09:13.pipe


=============================================================================
FreeBSD-SA-09:13.pipe                                       Security Advisory
                                                          The FreeBSD Project

Topic:          kqueue pipe race conditions
Category:       core
Module:         kern
Announced:      2009-10-02
Credits:        Przemyslaw Frasunek
Affects:        FreeBSD 6.x
Corrected:      2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE)
                2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7)
                2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13)

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

Pipes are a form of inter-process communication (IPC) provided by the
FreeBSD kernel.  kqueue is an event management API that applications can
use to monitor pipes and other kernel services.

II.  Problem Description

A race condition exists in the pipe close() code relating to kqueues,
causing use-after-free for kernel memory, which may lead to an
exploitable NULL pointer vulnerability in the kernel, kernel memory

FreeBSD Errata Notices | 2 Oct 22:12 2009

FreeBSD Errata Notice FreeBSD-EN-09:05.null


=============================================================================
FreeBSD-EN-09:05.null                                           Errata Notice
                                                          The FreeBSD Project

Topic:          No zero mapping feature

Category:       core
Module:         kern
Announced:      2009-10-02
Credits:        John Baldwin, Konstantin Belousov, Alan Cox, and Bjoern Zeeb
Affects:        All supported versions of FreeBSD.
Corrected:      2009-10-02 18:09:56 UTC (RELENG_8, 8.0-RC2)
                2009-10-02 18:09:56 UTC (RELENG_7, 7.2-STABLE)
                2009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-RELEASE-p4)
                2009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-RELEASE-p8)
                2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE)
                2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7)
                2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.

I.	Background

In the C programming language, address 0 (NULL) is used to represent
unallocated memory.  NULL pointer dereferences are a common class of C
programming bug in which pointers are not properly checked for NULL

FreeBSD Security Advisory FreeBSD-SA-09:14.devfs


=============================================================================
FreeBSD-SA-09:14.devfs                                      Security Advisory
                                                          The FreeBSD Project

Topic:          Devfs / VFS NULL pointer race condition

Category:       core
Module:         kern
Announced:      2009-10-02
Credits:        Przemyslaw Frasunek
Affects:        FreeBSD 6.x and 7.x
Corrected:      2009-05-18 10:41:59 UTC (RELENG_7, 7.2-STABLE)
                2009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-RELEASE-p4)
                2009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-RELEASE-p8)
                2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE)
                2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7)
                2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13)

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

The device file system (devfs) provides access to system devices, such as
storage devices and serial ports, via the file system namespace.

VFS is the Virtual File System, which abstracts file system operations in
the kernel from the actual underlying file system.

FreeBSD Security Officer | 18 Oct 14:37 2009

HEADS UP: FreeBSD 6.3 EoL coming soon

Hi all,

On January 31st, FreeBSD 6.3 will reach its End of Life and will no longer be
supported by the FreeBSD Security Team.  Users of this release are strongly
encouraged to upgrade to a newer release before that date -- more conservative
users will probably wish to upgrade to FreeBSD 6.4 or FreeBSD 7.1 (which are
both extended-support branches), while others will probably wish to upgrade to
FreeBSD 7.2 or the upcoming FreeBSD 8.0.

The freebsd-update(8) utility can be used to upgrade i386 and amd64 systems
from 6.3-RELEASE (or 6.3-RELEASE-pX for some X) to 6.4-RELEASE using binary
updates (i.e., without compiling from source) as described in the 6.4-RELEASE
announcement; given an adequate internet connection, this process usually takes
15 minutes or less.

The current supported branches and expected EoL dates are:

   +---------------------------------------------------------------------+
   |  Branch   |  Release   |  Type  |   Release date  |  Estimated EoL  |
   |-----------+------------+--------+-----------------+-----------------|
   |RELENG_6   |n/a         |n/a     |n/a              |November 30, 2010|
   |-----------+------------+--------+-----------------+-----------------|
   |RELENG_6_3 |6.3-RELEASE |Extended|January 18, 2008 |January 31, 2010 |
   |-----------+------------+--------+-----------------+-----------------|
   |RELENG_6_4 |6.4-RELEASE |Extended|November 18, 2008|November 30, 2010|
   |-----------+------------+--------+-----------------+-----------------|
   |RELENG_7   |n/a         |n/a     |n/a              |last release + 2y|
   |-----------+------------+--------+-----------------+-----------------|
   |RELENG_7_1 |7.1-RELEASE |Extended|January 4, 2009  |January 31, 2011 |
   |-----------+------------+--------+-----------------+-----------------|

Deb Goodkin | 21 Oct 15:30 2009

HAST Project Announcement

Dear FreeBSD Community,

The FreeBSD Foundation is pleased to announce a new funded project!

Pawel Jakub Dawidek has been awarded a grant to implement storage
replication software that will enable users to use the FreeBSD operating
system for highly available configurations where data has to be shared
across the cluster nodes. The project is partly being funded by OMCnet
Internet Service (GmbH www.omc.net) and TransIP BV (www.transip.nl).

The software will allow for synchronous block-level replication of any
storage media (GEOM providers, using FreeBSD nomenclature) over the
TCP/IP network and for fast failure recovery. HAST will provide storage
using GEOM infrastructure, which means it will be file system and
application independent and could be combined with any existing GEOM
class. In case of a master node failure, the cluster will be able to
switch to the slave node, check and mount UFS file system or import ZFS
pool and continue to work without missing a single bit of data.

"High-availability is the number one requirement for any serious use of
any operating system," said Pawel Jakub Dawidek, FreeBSD Developer.
"Highly available storage is one of the key components in such
environments. I strongly believe there are many FreeBSD users that have
been waiting a long time for this functionality. I'll do my best to
deliver software that matches FreeBSD quality and that will satisfy the
needs of our users."

Pawel has been an active FreeBSD committer since 2003. During this
period, he has touched almost every part of the kernel. But, his main
interest in FreeBSD is storage and security related topics. Pawel is the

Deb Goodkin | 21 Oct 15:48 2009

Flattened Device Tree Project Announcement

Dear FreeBSD Community,

The FreeBSD Foundation is pleased to announce another funded project!

Rafal Jaworowski and Semihalf have been awarded a grant to provide
FreeBSD with support for the flattened device tree (FDT) technology. 
This project allows for describing hardware resources of a computer 
system and their dependencies in a platform-neutral and portable way.

The main consumers of this functionality are embedded systems whose
hardware resources assignment cannot be probed or self-discovered.

The FDT idea is inherited from Open Firmware IEEE 1275 device-tree
notion (part of the regular Open Firmware implementation), and among
other deployments is used as a basis for Power.org's embedded platform
reference specification (ePAPR).

"Thanks to this project, embedded FreeBSD platforms will grow in a
uniform and extensible way of representing hardware devices, compliant
with industry standards (ePAPR, Open Firmware), independent of
architecture and platform (portable across ARM, MIPS, PowerPC etc.),"
said Rafal Jaworowski, FreeBSD Developer.

Semihalf is a privately owned company, based in Krakow, Poland. They 
specialize in embedded systems design and development, with expertise in 
both software and hardware. Among their portfolio are FreeBSD ports to 
high-end embedded processors (including multi-core) with a wide range of 
peripheral drivers (storage, networking, pattern matching, security 
engines etc.); most of this work is publicly available from the FreeBSD 
repository.

Doug Barton | 19 Oct 02:23 2009

Portmaster funding proposal


I have launched an initiative to give the community the opportunity to
fund further development work on portmaster. As much as I love doing
this work I need to be able to support myself and my family and the
kinds of features that users have requested (such as package support)
will take a lot of time to implement correctly.

The URL is here: http://dougbarton.us/portmaster-proposal.html

Several users have been kind enough to send donations and I have
updated the web page to indicate the work that has been completed, and
that which is in progress.

If you have any interest in funding this project take a look at that
web page. Of course additional ideas for features are also welcome.

Finally, if you find this message unwelcome or inappropriate in any
way please accept my apologies.

Regards,

Doug

--

	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/

