Deb Goodkin | 5 Dec 21:17 2011

FreeBSD Foundation End-of-Year Fundraising Campaign!

Dear FreeBSD Community,

The FreeBSD Foundation has been proudly supporting the FreeBSD Project 
and community for 11 years now. Every year we sponsor BSD conferences 
and events around the globe, help developers with their travel expenses 
to attend these conferences, work to protect the intellectual property 
of the FreeBSD project, visit institutions and corporations to promote 
the use of FreeBSD, purchase equipment to grow the FreeBSD 
infrastructure, and fund research and development projects that enhance 
the FreeBSD OS.

We are deeply grateful for all the support we receive from so many 
individuals and organizations who value FreeBSD. We currently are at the 
halfway point towards our goal of raising $400,000 this year. We are 
hoping that you, the FreeBSD community, will help us meet our goal by 
making a donation this month. By donating to the foundation, you are 
donating to the FreeBSD Project and community as a whole.

I have had the privilege of meeting many FreeBSD enthusiasts in person, 
through email, and on the phone. I am always impressed with the passion 
that these people have for FreeBSD. Most volunteer their precious time 
after work and some are more fortunate where they actually get paid by 
their companies to work with FreeBSD. When there is a BSD-related 
conference we usually get quite a few travel grant applications 
requesting help with developers' travel expenses. Thanks to your 
support, we have been able to sponsor the travel expenses of developers 
from Mexico, Lithuania, New Zealand, Germany, Japan, Denmark, and many 
other countries.

Some of these developers recently wrote personal stories about how 

Deb Goodkin | 14 Dec 23:46 2011

FreeBSD Foundation's End-of-Year Newsletter


Dear FreeBSD Community,

We are pleased to announce the publication of The FreeBSD Foundation's
2011 End-of-Year Newsletter.

Go to http://www.freebsdfoundation.org/press/2011Dec-newsletter.shtml
to find out how we have supported the FreeBSD Project and community
this year.

Please help us continue and increase our support of FreeBSD by making
a donation to the Foundation. You can go to
http://www.freebsdfoundation.org/donate/
to find out how to make a donation.

Sincerely,

The FreeBSD Foundation

_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"

Deb Goodkin | 14 Dec 16:29 2011

FreeBSD Foundation's End-of-Year Newsletter

Dear FreeBSD Community,

We are pleased to announce the publication of The FreeBSD Foundation's
2011 End-of-Year Newsletter.

Go to http://www.freebsdfoundation.org/press/2011Dec-newsletter.shtml
to find out how we have supported the FreeBSD Project and community
this year.

Please help us continue and increase our support of FreeBSD by making
a donation to the Foundation. You can go to 
http://www.freebsdfoundation.org/donate/
to find out how to make a donation.

Sincerely,

The FreeBSD Foundation

Deb Goodkin | 16 Dec 17:15 2011

FreeBSD Foundation's End-of-Year Newsletter


Dear FreeBSD Community,

We are pleased to announce the publication of The FreeBSD Foundation's
2011 End-of-Year Newsletter.

Go to http://www.freebsdfoundation.org/press/2011Dec-newsletter.shtml
to find out how we have supported the FreeBSD Project and community
this year.

Please help us continue and increase our support of FreeBSD by making
a donation to the Foundation. You can go to
http://www.freebsdfoundation.org/donate/
to find out how to make a donation.

Sincerely,

The FreeBSD Foundation


FreeBSD Security Advisories | 23 Dec 16:36 2011

FreeBSD Security Advisory FreeBSD-SA-11:06.bind


=============================================================================
FreeBSD-SA-11:06.bind                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Remote packet Denial of Service against named(8) servers

Category:       contrib
Module:         bind
Announced:      2011-12-23
Affects:        All supported versions of FreeBSD.
Corrected:      2011-11-17 01:10:16 UTC (RELENG_7, 7.4-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
                2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
                2011-11-17 00:36:10 UTC (RELENG_8, 8.2-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
                2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
                2011-12-01 21:13:41 UTC (RELENG_9, 9.0-STABLE)
                2011-12-01 21:17:59 UTC (RELENG_9_0, 9.0-RC3)
                2011-11-16 23:41:13 UTC (ports tree)
CVE Name:       CVE-2011-4313

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.

FreeBSD Security Advisories | 23 Dec 16:36 2011

FreeBSD Security Advisory FreeBSD-SA-11:07.chroot


=============================================================================
FreeBSD-SA-11:07.chroot                                     Security Advisory
                                                          The FreeBSD Project

Topic:          Code execution via chrooted ftpd

Category:       core
Module:         libc
Announced:      2011-12-23
Affects:        All supported versions of FreeBSD.
Corrected:      2011-12-23 15:00:37 UTC (RELENG_7, 7.4-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
                2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
                2011-12-23 15:00:37 UTC (RELENG_8, 8.2-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
                2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
                2011-12-23 15:00:37 UTC (RELENG_9, 9.0-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_9_0, 9.0-RELEASE)

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

Chroot is an operation that changes the apparent root directory for the
current process and its children.  The chroot(2) system call is widely
used in many applications as a measure of limiting a process's access to
the file system, as part of implementing privilege separation.

FreeBSD Security Advisories | 23 Dec 16:36 2011

FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd


=============================================================================
FreeBSD-SA-11:08.telnetd                                    Security Advisory
                                                          The FreeBSD Project

Topic:          telnetd code execution vulnerability

Category:       core
Module:         contrib
Announced:      2011-12-23
Affects:        All supported versions of FreeBSD.
Corrected:      2011-12-23 15:00:37 UTC (RELENG_7, 7.4-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
                2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
                2011-12-23 15:00:37 UTC (RELENG_8, 8.2-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
                2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
                2011-12-23 15:00:37 UTC (RELENG_9, 9.0-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_9_0, 9.0-RELEASE)
CVE Name:       CVE-2011-4862

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

The FreeBSD telnet daemon, telnetd(8), implements the server side of the
TELNET virtual terminal protocol.  It has been disabled by default in
FreeBSD since August 2001, and due to the lack of cryptographic security

FreeBSD Security Advisories | 23 Dec 16:36 2011

FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh


=============================================================================
FreeBSD-SA-11:09.pam_ssh                                    Security Advisory
                                                          The FreeBSD Project

Topic:          pam_ssh improperly grants access when user account has
                unencrypted SSH private keys

Category:       contrib
Module:         pam
Announced:      2011-12-23
Credits:        Guy Helmer, Dag-Erling Smorgrav
Affects:        All supported versions of FreeBSD.
Corrected:      2011-12-11 20:40:23 UTC (RELENG_7, 7.4-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
                2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
                2011-12-11 20:38:36 UTC (RELENG_8, 8.2-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
                2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
                2011-12-11 16:57:27 UTC (RELENG_9, 9.0-STABLE)
                2011-12-11 17:32:37 UTC (RELENG_9_0, 9.0-RELEASE)

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

The PAM (Pluggable Authentication Modules) library provides a flexible
framework for user authentication and session setup / teardown.  It is

FreeBSD Security Advisories | 23 Dec 16:36 2011

FreeBSD Security Advisory FreeBSD-SA-11:10.pam


=============================================================================
FreeBSD-SA-11:10.pam                                        Security Advisory
                                                          The FreeBSD Project

Topic:          pam_start() does not validate service names

Category:       contrib
Module:         pam
Announced:      2011-12-23
Credits:        Matthias Drochner
Affects:        All supported versions of FreeBSD.
Corrected:      2011-12-13 13:03:11 UTC (RELENG_7, 7.4-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
                2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
                2011-12-13 13:02:52 UTC (RELENG_8, 8.2-STABLE)
                2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
                2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
                2011-12-13 12:59:39 UTC (RELENG_9, 9.0-STABLE)
                2011-12-13 13:02:31 UTC (RELENG_9_0, 9.0-RELEASE)
CVE Name:       CVE-2011-4122

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

The PAM (Pluggable Authentication Modules) library provides a flexible
framework for user authentication and session setup / teardown.  It is

FreeBSD Security Officer | 23 Dec 16:39 2011

Merry Christmas from the FreeBSD Security Team


Hi all,

No, the Grinch didn't steal the FreeBSD security officer GPG key, and your eyes
aren't deceiving you: We really did just send out 5 security advisories.

The timing, to put it bluntly, sucks.  We normally aim to release advisories on
Wednesdays in order to maximize the number of system administrators who will be
at work already; and we try very hard to avoid issuing advisories any time close
to holidays for the same reason.  The start of the Christmas weekend -- in some
parts of the world it's already Saturday -- is absolutely not when we want to be
releasing security advisories.

Unfortunately my hand was forced: One of the issues (FreeBSD-SA-11:08.telnetd)
is a remote root vulnerability which is being actively exploited in the wild;
bugs really don't come any worse than this.  On the positive side, most people
have moved past telnet and on to SSH by now; but this is still not an issue we
could postpone until a more convenient time.

While I'm writing, a note to freebsd-update users: FreeBSD-SA-11:07.chroot has a
rather messy fix involving adding a new interface to libc; this has the awkward
side effect of causing the sizes of some "symbols" (aka. functions) in libc to
change, resulting in cascading changes into many binaries.  The long list of
updated files is irritating, but isn't a sign that anything in freebsd-update
went wrong.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

