Martin Husemann | 11 Apr 20:49 2006
Picon

NetBSD 4.0 release cycle

Dear NetBSD user,

We would like to inform you that the NetBSD project plans to branch for the
NetBSD 4.0 release soon. Before this happens, a few critical bugs have to
be fixed. The exact list has been posted to the current-users mailing list:

   http://mail-index.netbsd.org/current-users/2006/04/11/0012.html

If you are not familiar with the NetBSD release cycle and version numbering
scheme, you can find an explanation here:

   http://www.netbsd.org/Releases/release-map.html

The branch is expected to need about six month after branching before it is
ready for the actual 4.0 release.

Martin Husemann

NetBSD Security-Officer | 13 Apr 04:33 2006
Picon

NetBSD Security Advisory 2006-009: False detection of Intel hardware RNG


		 NetBSD Security Advisory 2006-009
		 =================================

Topic:		False detection of Intel hardware RNG

Version:	NetBSD-current:	source prior to February 19, 2006
		NetBSD 3.0:	affected
		NetBSD 2.1:	affected
		NetBSD 2.0.*:	affected
		NetBSD 2.0:	affected
		NetBSD 1.6.*:	affected
		NetBSD 1.6:	affected

Severity:	A constant stream is feed into the entropy pool

Fixed:		NetBSD-current:		February 19, 2006
		NetBSD-3-0 branch:	February 26, 2006	
						(3.0.1 will include the fix)
		NetBSD-3   branch:	February 26, 2006
		NetBSD-2-1 branch:	February 26, 2006
						(2.1.1 will include the fix)
		NetBSD-2-0 branch:	February 26, 2006
						(2.0.4 will include the fix)
		NetBSD-2   branch:	February 26, 2006
		NetBSD-1-6 branch:	February 26, 2006

Abstract
========

(Continue reading)

NetBSD Security-Officer | 13 Apr 04:34 2006
Picon

NetBSD Security Advisory 2006-012: SIOCGIFALIAS ioctl may cause system crash


		 NetBSD Security Advisory 2006-012
		 =================================

Topic:		SIOCGIFALIAS ioctl may cause system crash

Version:	NetBSD-current:	source prior to September 28, 2005
		NetBSD 3.0:	affected
		NetBSD 2.1:     affected
		NetBSD 2.0.*:   affected
		NetBSD 2.0:     affected
		NetBSD 1.6.*:   affected
		NetBSD 1.6:     affected

Severity:	Any local user can crash the system

Fixed:		NetBSD-current:		September 28, 2005
		NetBSD-3-0 branch:	April 02, 2006
						(3.0.1 will include the fix)
		NetBSD-3   branch:	April 02, 2006
		NetBSD-2-1 branch:	April 02, 2006
						(2.1.1 will include the fix)
		NetBSD-2-0 branch:	April 02, 2006
						(2.0.4 will include the fix)
		NetBSD-2 branch:	April 02, 2006
		NetBSD-1-6 branch:	April 02, 2006

Abstract
========

(Continue reading)

NetBSD Security-Officer | 13 Apr 04:34 2006
Picon

NetBSD Security Advisory 2006-013: sysctl(3) local denial of service


		 NetBSD Security Advisory 2006-013
		 =================================

Topic:		sysctl(3) local denial of service

Version:	NetBSD-current:	source prior to March 15, 2005
		NetBSD 3.0:	affected
		NetBSD 2.1:     affected
		NetBSD 2.0.*:   affected
		NetBSD 2.0:     affected
		NetBSD 1.6.*:	affected
		NetBSD 1.6:	affected

Severity:	Any local user can crash the system

Fixed:		NetBSD-current:		March 15, 2005
		NetBSD-3-0 branch:	March 24, 2006
						(3.0.1 will include the fix)
		NetBSD-3   branch:	March 24, 2006
		NetBSD-2-1 branch:      March 24, 2006
						(2.1.1 will include the fix)
		NetBSD-2-0 branch:      March 24, 2006
						(2.0.4 will include the fix)
		NetBSD-2 branch:        March 24, 2006

Abstract
========

The user supplied buffer where results of the sysctl(3) call are stored is
(Continue reading)

NetBSD Security-Officer | 13 Apr 04:33 2006
Picon

NetBSD Security Advisory 2006-011: IPSec replay attack


		 NetBSD Security Advisory 2006-011
		 =================================

Topic:		IPSec replay attack

Version:	NetBSD-current:	source prior to March 23, 2006
		NetBSD 3.0:	affected
		NetBSD 2.1:	affected
		NetBSD 2.0.*:	affected
		NetBSD 2.0:	affected

Severity:	Systems could be vulnerable to a replay attack

Fixed:		NetBSD-current:		March 23, 2006
		NetBSD-3-0 branch:	March 28, 2006
						(3.0.1 will include the fix)
		NetBSD-3 branch:	March 28, 2006
		NetBSD-2-1 branch:	March 30, 2006
						(2.1.1 will include the fix)
		NetBSD-2-0 branch:	March 30, 2006
						(2.0.4 will include the fix)
		NetBSD-2 branch:	March 30, 2006

Abstract
========

A vulnerability was found in the fast_ipsec(4) stack that renders the 
IPSec anti-replay service ineffective under certain circumstances.

(Continue reading)

Jan Schaumann | 17 Apr 15:55 2006
Picon

NetBSD Status Report: January - March 2006


NetBSD Quarterly Status Report

NetBSD is an actively developed operating system. With fifty seven
different system architectures in total and binary support of 53
architectures in our last official release (NetBSD 3.0), our widely
portable Packages Collection "pkgsrc" and large userbase there is a lot
going on within the project. In order to allow our users to follow the
most important changes over the last few months, we provide a brief
summary in these official status reports on a regular basis. These
status reports, released with irregular regularity, are suitable for
reproduction and publication in part or in whole as long as the source
is clearly indicated.

This report summarizes the changes within NetBSD during the first three
months of 2006.

-Jan Schaumann <jschauma <at> NetBSD.org>

January 2006 - March 2006:

Administrative:
	- New Developers [20060401]

Miscellaneous:
	- NetBSD Internals book added [20060128]
	- Permission to Incorporate POSIX Material [20060215]
	- New NetBSD flyers and posters [20060312]
	- Developer interviews [20060401]
	- NetBSD on the road
(Continue reading)

NetBSD Security-Officer | 27 Apr 22:40 2006
Picon

NetBSD Security Advisory 2006-014: An audio subsystem race condition may crash the system


		 NetBSD Security Advisory 2006-014
		 =================================

Topic:		An audio subsystem race condition may crash the system

Version:	NetBSD-current:	source prior to April 19, 2006
		NetBSD 3.0:	source prior to April 19, 2006
		NetBSD 2.1:     not affected
		NetBSD 2.0.*:   not affected
		NetBSD 2.0:     not affected
		NetBSD 1.6.*:   not affected
		NetBSD 1.6:     not affected

Severity:	Any local user can crash the system

Fixed:		NetBSD-current:		April 19, 2006
		NetBSD-3-0 branch:	April 19, 2006
					(3.0.1 will include the fix)
		NetBSD-3   branch:	April 19, 2006

Abstract
========

A system crash can occur if a user changes the sample rate of an audio
device during playback.

Technical Details
=================

(Continue reading)


Gmane