NetBSD Security-Officer | 11 Jul 2005 18:31

NetBSD Security Advisory NetBSD-SN20050708-1: NetBSD base system not vulnerable to zlib overflow


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Note 20050708-1
		 ===============================

Topic:		NetBSD base system not vulnerable to zlib overflow
		pkgsrc did provide vulnerable versions

A zlib buffer overflow has been announced. 

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2096

The NetBSD Security Officer team was aware of this issue, and would 
like to reassure users that the NetBSD base system is not vulnerable. 

The bug was introduced in changes to zlib after 1.1.4, the latest
version supplied in the base install of NetBSD.

The vulnerable version, 1.2.2, has been available from pkgsrc.

Users of the audit-packages tool will already have noticed that version
is marked as vulnerable, and the 1.2.2nb1 update addresses the issue.

Other pkgsrc users are encouraged to update devel/zlib to 1.2.2nb1, as
well as to take advantage of the security/audit-packages infrastructure.

Thanks To
=========

Jan Schaumann | 12 Jul 2005 22:28

NetBSD Quarterly Status Report - 2005Q2


NetBSD Quarterly Status Report

NetBSD is an actively developed operating system. With fifty-four
different system architectures in total and binary support of over 48
architectures in our last official release (NetBSD 2.0.2), our widely
portable Packages Collection "pkgsrc" and large userbase, there is a lot
going on within the project. In order to allow our users to follow the
most important changes over the last few months, we provide a brief
summary in these official status reports on a regular basis. These
status reports are suitable for reproduction and publication in part or
in whole as long as the source is clearly indicated.

-Jan Schaumann <jschauma <at> NetBSD.org>

April - June 2005:

Administrative:
	- NetBSD 3.0 branched [20050316]
	- NetBSD 2.0.2 released [20050414]
	- Daily snapshots restarted [20050502]
	- New Developers [20050701]

Miscellaneous:
	- NetBSD CVS Digest [20050405]
	- NetBSD in Google's Summer of Code [20050601]
	- NetBSD calls for donations [20050614]

pkgsrc:
	- pkgsrcCon '05 a success [20050508]

Christos Zoulas | 19 Jul 2005 15:05

Thank you for your donations!


Thanks to the generous response of the NetBSD community, the NetBSD
Foundation is pleased to announce a hardware infrastructure upgrade.
Responding to a special request issued a month ago in this mailing
list and widely disseminated, almost 300 contributors donated
approximately $27,000 to help modernize and improve our service
machines.

We used your donations to purchase five new machines; three of
those machines will be added to our nightly build infrastructure
and two of those machines will become anonymous cvs servers.

These machines cost the foundation approximately $18,000 and have
the following specifications:

	Anonymous CVS servers (two machines)
	2 CPU [2 cpu Opteron 244 (1.8GHz)]
	8 GB Memory (8 x 1GB PC3200 DDR 400MHz ECC memory)
	150 GB Disk (4 SATA 36.7GB 10K RPM drives)

	Build Servers (three machines)
	4 CPU [2 cpu (dual core) Opteron 265 (1.8GHz)]
	4 GB Memory (4 x 1GB PC3200 DDR 400MHz ECC memory)
	210 GB Disk (3 SATA 74GB 10K RPM 8MB Raptor drives)

The two anonymous CVS servers will quadruple the capacity of the
current service and improve its reliability. The three new build
servers will allow us to build the two supported release tags and
the head continuously, providing binaries for all architectures
every two days, while also greatly expanding our ability to provide

