Alistair Crooks | 1 Nov 2005 01:28

Summary of Changes to the Packages Collection in October 2005


[For a full list of changes in October, please refer to the tech-pkg
mailing list - agc]

Summary of Changes to the Packages Collection in October 2005
=============================================================

By my calculations, at the end of September 2005, there were 5657
packages in the Packages Collection, up from 5558 the previous month,
a rise of 99.

Notable additions include:  audio/glurp, audio/gtkpod, audio/qsynth,
audio/streamripper, benchmarks/forkbomb, biology/pymol,
comms/synce-dccm, comms/synce-librapi2, comms/synce-libsynce,
comms/synce-rra, comms/synce-serial, databases/mysql5-client,
databases/mysql5-server, databases/qdbm, devel/distccmon-gnome,
devel/distccmon-gtk, devel/gnustep-objc-lf2, devel/gsoap,
devel/intel-iscsi, devel/libmemcache, devel/libmimedir,
devel/p5-File-chdir, devel/p5-IO-Pager, devel/p5-Term-Screen,
devel/sysexits, editors/heme, emulators/ski, emulators/z26,
games/blobwars, games/fortunes-calvin, games/fortunes-futurama,
games/fortunes-h2g2, games/InterLOGIC, games/teg,
graphics/digikam-doc, graphics/exifprobe, graphics/gimp24,
graphics/kimdaba, graphics/ocrad, graphics/veusz, graphics/vnc2swf,
ham/gnuradio-audio-oss, ham/gnuradio-core, ham/gnuradio-examples,
ham/gnuradio-gsm, ham/gnuradio-howto, ham/gnuradio-usrp,
ham/gnuradio-wxgui, ham/usrp, lang/mpd, lang/wsbasic,
mail/dkim-milter, mail/evolution-exchange, mail/gotmail, math/fftwf,
math/p5-Math-GMP, math/qalculate-bases, math/qalculate-currency,
math/qalculate-units, meta-pkgs/gnuradio, misc/kmemaid,

Jeff Rizzo | 2 Nov 2005 21:28

Announcing NetBSD 2.1


Introduction

   The NetBSD Project is pleased to announce that release 2.1 of the
   NetBSD operating system is now available.

About NetBSD 2.1

   NetBSD 2.1 is the first maintenance release of the netbsd-2 release
   branch. This release provides numerous functional enhancements,
   including support for many new devices, hundreds of bug fixes, patches
   and updates to kernel subsystems, and many enhancements to the user
   environment. In addition, all of the security fixes and critical bug
   fixes from the NetBSD 2.0.3 update are included as well.

   Complete source and binaries for NetBSD 2.1 are available for download
   at many sites around the world. A list of download sites providing
   FTP, AnonCVS, SUP, and other services is provided at the end of this
   announcement; the latest list of available download sites may also be
   found at:

     http://www.NetBSD.org/mirrors/

   We encourage users who wish to install via a CD-ROM ISO image to
   download via BitTorrent by using the torrent files supplied in the ISO
   image area. BitTorrent has recently been added to the list of
   distribution mechanisms and its use is strongly encouraged to help
   keep bandwidth available.

NetBSD Security-Officer | 7 Nov 2005 23:55

NetBSD Security Advisory 2005-003: F_CLOSEM local denial of service


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2005-003
		 =================================

Topic:		F_CLOSEM local denial of service

Version:	NetBSD-current:	source prior to January 12, 2005
		NetBSD 2.1:	not affected
		NetBSD 2.0.2:	not affected
		NetBSD 2.0:	affected
		NetBSD 1.6.*:	not affected

Severity:	Local Denial-of-Service

Fixed:		NetBSD-current:		January 12, 2005
		NetBSD-2-0 branch:	March 16, 2005
						(2.0.2 includes the fix)
		NetBSD-2 branch:	March 16, 2005 
						(2.1 includes the fix)

Abstract
========

A bug in the way the file descriptor table of a process is manipulated
can be triggered by calling the F_CLOSEM fcntl() with the parameter 0,
which means "close all opened file descriptors".


NetBSD Security-Officer | 7 Nov 2005 23:55

NetBSD Security Advisory 2005-004: Buffer overflows in MIT Kerberos 5 telnet client


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2005-004
		 =================================

Topic:		Buffer overflows in MIT Kerberos 5 telnet client

Version:	NetBSD-current:	source prior to April 1, 2005
		NetBSD 2.1:	not affected
		NetBSD 2.0.3:	not affected
		NetBSD 2.0.2:	affected
		NetBSD 2.0:	affected
		NetBSD 1.6.2:	affected
		NetBSD 1.6.1:	affected
		NetBSD 1.6:	affected

Severity:	Remote code execution if connected to malicious server

Fixed:		NetBSD-current:		April 1, 2005
		NetBSD-3 branch:	April 8, 2005 
						(3.0 will include the fix)
		NetBSD-2.0 branch:	April 8, 2005
						(2.0.3 includes the fix)
		NetBSD-2 branch:	April 8, 2005
						(2.1 includes the fix)
		NetBSD-1.6 branch:	April 8, 2005

Abstract

NetBSD Security-Officer | 7 Nov 2005 23:56

NetBSD Security Advisory 2005-005: cgd(4) key destruction on unconfigure


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2005-005
		 =================================

Topic:		cgd(4) key destruction on unconfigure

Version:	NetBSD-current:	source prior to March 19, 2005
		NetBSD 2.1:	not affected
		NetBSD 2.0.3:	not affected
		NetBSD 2.0.2:	not affected
		NetBSD 2.0:	affected
		NetBSD 1.6.*:	not affected

Severity:	possible key compromise

Fixed:		NetBSD-current:		March 19, 2005
		NetBSD-3 branch:	March 19, 2005
						(3.0 will include the fix)
		NetBSD-2.0 branch:	March 20, 2005
						(2.0.2 includes the fix)
		NetBSD-2 branch:	March 20, 2005 
						(2.1 includes the fix)

Abstract
========

When a cgd(4) pseudo-device is unconfigured, the driver does not clear

NetBSD Security-Officer | 7 Nov 2005 23:57

NetBSD Security Advisory 2005-006: Multiple vulnerabilities in CVS


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2005-006
		 =================================

Topic:		Multiple vulnerabilities in CVS

Version:	NetBSD-current:	source prior to August 26, 2005
		NetBSD 2.1:	not affected
		NetBSD 2.0.3:	not affected
		NetBSD 2.0.2:	affected
		NetBSD 2.0:	affected
		NetBSD 1.6.2:	affected
		NetBSD 1.6.1:	affected
		NetBSD 1.6:	affected
		pkgsrc:		CVS packages prior to 1.11.20nb2

Severity:	Remote execution of arbitrary code, denial of service and
		local privilege escalation

Fixed:		NetBSD-current:		August 26, 2005
		NetBSD-3 branch:	August 26, 2005 
						(3.0 will include the fix)
		NetBSD-2.0 branch:	August 26, 2005
						(2.0.3 includes the fix)
		NetBSD-2 branch:	August 26, 2005 
						(2.1 includes the fix)
		NetBSD-1.6 branch:	August 26, 2005 

NetBSD Security-Officer | 7 Nov 2005 23:58

NetBSD Security Advisory 2005-008: Heap memory corruption in FreeBSD compat code


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2005-008
		 =================================

Topic:		Heap memory corruption in FreeBSD compat code

Version:	NetBSD-current:	source prior to September 13, 2005
		NetBSD 2.1:	not affected
		NetBSD 2.0.3:	not affected
		NetBSD 2.0.2:	affected
		NetBSD 2.0:	affected
		NetBSD 1.6.2:	affected
		NetBSD 1.6.1:	affected
		NetBSD 1.6:	affected

Severity:	local denial of service, local root compromise

Fixed:		NetBSD-current:		September 13, 2005
		NetBSD-3 branch:	September 13, 2005
						(3.0 will include the fix)
		NetBSD-2.0 branch:	September 13, 2005
						(2.0.3 includes the fix)
		NetBSD-2 branch:	September 13, 2005
						(2.1 includes the fix)
		NetBSD-1.6 branch:	September 14, 2005
						(1.6.3 will include the fix)


NetBSD Security-Officer | 7 Nov 2005 23:57

NetBSD Security Advisory 2005-007: AES-XCBC-MAC (IPsec AH) calculated using fixed key


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2005-007
		 =================================

Topic:		AES-XCBC-MAC (IPsec AH) calculated using fixed key

Version:	NetBSD-current:	source prior to July 28, 2005
		NetBSD 2.1:	not affected
		NetBSD 2.0.3:	not affected
		NetBSD 2.0.2:	affected
		NetBSD 2.0:	affected
		NetBSD 1.6.*:	unaffected

Severity:	Affected SAs lack integrity protection so an attacker
		can forge data and have it be wrongly accepted

Fixed:		NetBSD-current:		July 28, 2005
		NetBSD-3 branch:	July 28, 2005
						(3.0 will include the fix)
		NetBSD-2.0 branch:	July 28, 2005 
						(2.0.3 includes the fix)
		NetBSD-2 branch:	July 28, 2005
						(2.1 includes the fix)

Abstract
========


NetBSD Security-Officer | 7 Nov 2005 23:59

NetBSD Security Advisory 2005-010: OpenSSL "man in the middle" can force weak protocol


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2005-010
		 =================================

Topic:		OpenSSL "man in the middle" can force weak protocol

Version:	NetBSD-current:	source prior to October 11, 2005
		NetBSD 2.1:	not affected
		NetBSD 2.0.3:	not affected
		NetBSD 2.0.2:	affected
		NetBSD 2.0:	affected
		NetBSD 1.6.*:	affected
		pkgsrc:		openssl packages prior to 0.9.7h

Severity:	information leak due to false sense of security

Fixed:		NetBSD-current:		October 11, 2005
		NetBSD-3 branch:	October 11, 2005
						(3.0 will include the fix)
		NetBSD-2.0 branch:	October 11, 2005
						(2.0.3 includes the fix)
		NetBSD-2 branch:	October 11, 2005
						(2.1 includes the fix)
		NetBSD-1.6 branch:	October 11, 2005
						(1.6.3 will include the fix)
		pkgsrc:			openssl-0.9.7h corrects this issue


NetBSD Security-Officer | 7 Nov 2005 23:58

NetBSD Security Advisory 2005-009: Insecure /tmp file usage when building using imake


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2005-009
		 =================================

Topic:		Insecure /tmp file usage when building using imake 

Version:	NetBSD-current:	source prior to September 13, 2005
		NetBSD 2.1:	not affected
		NetBSD 2.0.3:	not affected
		NetBSD 2.0.2:	affected
		NetBSD 2.0:	affected
		NetBSD 1.6.2:	affected
		NetBSD 1.6.1:	affected
		NetBSD 1.6:	affected
		pkgsrc:		imake package prior to 4.4.0nb2 and
				xorg-imake prior to 6.8.2nb2

Severity:	overwrite arbitrary files on the system

Fixed:		NetBSD-current:		September 12, 2005
		NetBSD-3 branch:	September 12, 2005
						(3.0 will include the fix)
		NetBSD-2.0 branch:	September 13, 2005
						(2.0.3 includes the fix)
		NetBSD-2 branch:	September 13, 2005
						(2.1 includes the fix)
		NetBSD-1.6 branch:	September 14, 2005