Lucas Holt | 12 Jun 20:38 2015

MidnightBSD 0.6.1 RELEASE

MidnightBSD 0.6.1 RELEASE fixes several security issues with OpenSSL.

It updates the system to OpenSSL 0.9.8zg.

Users of 0.6 or 07-CURRENT should update their systems via SVN.

You can read more about the issues via the OpenSSL website:
https://www.openssl.org/news/secadv_20150611.txt

Lucas Holt
Luke <at> FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

Lucas Holt | 27 Apr 05:17 2015

MidnightBSD 0.6 RELEASE

0.6-RELEASE NOTES

This release is primarily a security fix and mport package tool release. 

Security

OpenSSL: 
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]

The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]

A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]

TCP SYN:
When a segment with the SYN flag for an already existing connection arrives,
the TCP stack tears down the connection, bypassing a check that the
sequence number in the segment is in the expected window.

Fix several security vulnerabilities in routed, rtsold, and namei with respect to Capsicum sandboxes
looking up nonexistent path names and leaking memory.

The input path in routed(8) will accept queries from any source and attempt to answer them.  However, the
output path assumes that the destination address for the response is on a directly connected network.

Lucas Holt | 8 Apr 03:40 2015

MidnightBSD security update 0.5.11-RELEASE

MidnightBSD 0.6-CURRENT & 0.5.11-RELEASE now contain fixes for two security issues. Users are advised to
update and build a new kernel.

The previous fix for IGMP had an overflow issue. This has been corrected.

ipv6: The Neighbor Discovery Protocol allows a local router to advertise a
suggested Current Hop Limit value of a link, which will replace
Current Hop Limit on an interface connected to the link on the MidnightBSD
system.

Obtained from: FreeBSD

Lucas Holt
Luke <at> FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

Lucas Holt | 25 Feb 15:46 2015

MidnightBSD 0.5.9-RELEASE

0.5.9 RELEASE

Fix two security vulnerabilities.

1. BIND servers which are configured to perform DNSSEC validation and which
are using managed keys (which occurs implicitly when using
"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
unpredictable behavior due to the use of an improperly initialized
variable.

CVE-2015-1349

2. An integer overflow in computing the size of IGMPv3 data buffer can result
in a buffer which is too small for the requested operation.

This can result in a DOS attack.

Lucas Holt
Luke <at> FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

Lucas Holt | 11 Dec 14:35 2014

MidnightBSD 0.5.7-RELEASE

MidnightBSD 0.5.7 RELEASE includes a security fix for file(1) and libmagic that prevents a DOS attack
against any program using libmagic. 

Users can get the latest version from the 0.5 stable branch in subversion.

At a minimum, users should rebuild file(1) and libmagic.

Lucas Holt
Luke <at> FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

Lucas Holt | 22 Oct 14:30 2014

MidnightBSD 0.5.3-RELEASE

MidnightBSD 0.5.3-RELEASE is now available via subversion. 

Fix several security vulnerabilities in OpenSSL, routed, rtsold,
and namei with respect to Capsicum sandboxes looking up
nonexistent path names and leaking memory.

OpenSSL update adds some workarounds for the recent
POODLE vulnerability reported by Google.

The input path in routed(8) will accept queries from any source and
attempt to answer them.  However, the output path assumes that the
destination address for the response is on a directly connected
network.

Due to a missing length check in the code that handles DNS parameters,
a malformed router advertisement message can result in a stack buffer
overflow in rtsold(8).

In addition, we've released 0.5.2-RELEASE ISOs on the FTP server for both amd64 and i386. 
We plan to do rollup security releases periodically.

Lucas Holt
Luke <at> FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

Dale Scott | 19 Oct 06:06 2014

how do you start the desktop gui (new user)

Hi there, I'm a new user. I did a new install from the 0.5.2 x386 ISO in a
VirtualBox vm on Win7. After the install, requested the graphics interface
when asked, saw a bunch of stuff downloaded, restarted as requested, and
still get a command line login. What am I missing? Is something not working?
How do I start the desktop?

Thanks,
Dale

Lucas Holt | 4 Oct 20:42 2014

MidnightBSD 0.5.1 - security update

0.5.1-RELEASE is available via SVN. It fixes a security issue with mksh and includes mksh R50c.

Security patches will be handled this way moving forward. For 0.4 and lower, we had patch levels such as p14
for releases that indicated security patches.

Major releases will be 0.4, 0.5, 0.6 and so on with 0.5.1 as a small update.

We've also created a new security mailing list midnightbsd-security <at> midnightbsd.org for release and
security patch announcements exclusively. 

Lucas Holt
Luke <at> FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

Lucas Holt | 25 Sep 14:16 2014

MidnightBSD 0.5-RELEASE

I'm happy to announce the release of MidnightBSD 0.5.

Security

Fixed a security issue with TCP SYN packet processing that could result in a denial of service attack.

Fixed a bug with clearenv(3) that could result in a segfault.

Several OpenSSL security issues were addressed in this release including [CVE-2014-3506],
[CVE-2014-3507], [CVE-2014-3508] and [CVE-2014-3510]

Fix a vulnerability in the control message API. A buffer is not properly cleared before sharing with userland.

Sendmail failed to properly set close-on-exec for open file descriptors.

ktrace page fault kernel trace entries were set to an incorrect size which resulted in a leak of information.

Fix a TCP reassembly bug that could result in a DOS attack.

bsnmpd contains a stack overflow when sent certain queries.

Enhancements

Jails now run shutdown scripts.

Support for username with length 32. Previous limit was 16.

Imported FreeBSD 9.2 usb stack (plus z87 patches from stable)

Updated em(4), igb(4) and ixgbe(4)

Lucas Holt | 9 Apr 14:02 2014

Magus

We've recently updated Magus to run on PostgreSQL rather than MySQL. The new code is checked into the
repository. Some of the utilities like bless and ftp (for packages) have not been updated yet.

Lucas Holt
Luke <at> FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)
Lucas Holt | 9 Apr 14:01 2014

MidnightBSD 0.4-RELEASE-p8 and p9

There have been several recent security advisories around OpenSSL. The version in base in 0.4 and CURRENT
is impacted by one of the issues. MidnightBSD 0.4-RELEASE-p8 fixes this issue. It is strongly advised to
upgrade. You do not need to build a new kernel for this patch, just world.

For those running NFS servers, MidnightBSD 0.4-RELEASE-p9 fixes a security issue in the "new" NFS Server
we obtained from FreeBSD 9.x that can lead to a DOS attack from a trusted client.  You do need to build a new
kernel for this update.

Also, mports has an updated openssl port.

Lucas Holt
Luke <at> FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

Gmane