NetBSD Security Officer | 8 Jul 2009 06:45

NetBSD Security Advisory 2009-008: OpenSSL ASN1 parsing denial of service and CMS signature verification weakness


		 NetBSD Security Advisory 2009-008
		 =================================

Topic:		OpenSSL ASN1 parsing denial of service and CMS
		signature verification weakness

Version:	NetBSD-current:		affected prior to 2009-03-27
		NetBSD 5.0:		not affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			openssl package prior to 0.9.8k

Severity:	Denial of Service, Forgery of CMS signatures

Fixed:		NetBSD-current:		May 27, 2009
		NetBSD-4 branch:	July 4, 2009 (4.1 will include the fix)
		NetBSD-4-0 branch:	July 4, 2009 (4.0.2 will include the fix)
		pkgsrc 2009Q1:		openssl-0.9.8k corrects this issue

Please note that NetBSD releases prior to 4.0, as well as the pre-release
versions of NetBSD 5.0, are no longer supported. It is recommended that
all users upgrade to a supported release.

Abstract
========

A handling error in the ASN1 parser functions can cause an
application linked against libcrypto to crash. Another
vulnerability in the CMS signature verification algorithm

NetBSD Security Officer | 8 Jul 2009 06:46

NetBSD Security Advisory 2009-009: OpenSSL DTLS Memory Exhaustion and DSA signature verification vulnerabilities


		 NetBSD Security Advisory 2009-009
		 =================================

Topic:		OpenSSL DTLS Memory Exhaustion and DSA signature
		verification vulnerabilities

Version:	NetBSD-current:		affected prior to 2009-07-04
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			openssl package prior to 0.9.8j

Severity:	Denial of Service, DSA signature spoofing

Fixed:		NetBSD-current:		July 4, 2009
		NetBSD-5-0 branch:	July 4, 2009 (NetBSD 5.0.1 will include the fix)
		NetBSD-5 branch:	July 4, 2009 (NetBSD 5.1 will include the fix)
		NetBSD-4-0 branch:	July 4, 2009 (NetBSD 4.0.2 will include the fix)
		NetBSD-4 branch:	July 4, 2009 (NetBSD 4.1 will include the fix)
		pkgsrc 2009Q1:		openssl-0.9.8j corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

Two range check errors in the DTLS code allow a remote attacker
to exhaust memory by executing too many out of sequence handshakes

Thor Simon | 14 Jul 2009 02:35

Brief outage of ftp.netbsd.org TODAY, 2009-07-14 02:45 UTC

At or around 02:45:00 UTC today, ftp.netbsd.org will be unavailable for
a brief interval expected to be less than two hours, for a CPU and memory
upgrade.  This is the first step of a major round of upgrades planned for
the NetBSD Foundation servers, and should provide better performance and
more reliable service for our users.

Apologies for the short notice.  We hope the outage will actually be so
short it will be invisible to most of the users of ftp.netbsd.org.

Thor

NetBSD Security Officer | 14 Jul 2009 23:33

NetBSD Security Advisory 2009-005: Plaintext Recovery Attack Against SSH


		 NetBSD Security Advisory 2009-005
		 =================================

Topic:		Plaintext Recovery Attack Against SSH

Version:	NetBSD-current:	source prior to June 8, 2009
		NetBSD 5.0:	source prior to June 30, 2009
		NetBSD 4.0.1:	source prior to June 30, 2009
		NetBSD 4.0:	source prior to June 30, 2009
		pkgsrc:		openssh packages prior to 5.2

Severity:	Information leakage from SSH sessions

Fixed:		NetBSD-current:    June 8, 2009
		NetBSD-5 branch:   June 30, 2009 (5.0.1 will include the fix)
		NetBSD-4 branch:   June 30, 2009 (4.1 will include the fix)
		NetBSD-4-0 branch: June 30, 2009 (4.0.2 will include the fix)
		pkgsrc 2009Q1:	   openssh-5.2 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

A defect exists in the SSH protocol that allows active attackers to
recover plaintext from an SSH session if a CBC mode cipher is in
use. Updated versions of OpenSSH mitigate this problem.


NetBSD Security Officer | 14 Jul 2009 23:31

NetBSD Security Advisory 2009-010: ISC dhclient subnet-mask flag stack overflow


		 NetBSD Security Advisory 2009-010
		 =================================

Topic:		ISC dhclient subnet-mask flag stack overflow

Version:	NetBSD-current:		affected before June 24, 2009
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			isc-dhclient package prior to
					4.1.0p1, 4.0.1p1, or 3.1.2p1

Severity:	Arbitrary Code Execution

Fixed:		NetBSD-current:		June 24, 2009
		NetBSD-5-0 branch:	July 14, 2009 20:00 UTC
		NetBSD-5 branch:	July 14, 2009 20:00 UTC
		NetBSD-4-0 branch:	July 14, 2009 20:00 UTC
		NetBSD-4 branch:	July 14, 2009 20:00 UTC
		pkgsrc 2009Q2:		isc-dhclient-4.1.0p1, 4.0.1p1 and
					3.1.2p1 correct the issue

Abstract
========

A stack overflow vulnerability in ISC dhclient allows an attacker
operating a rogue DHCP server to execute arbitrary code with root
privileges on the affected system by supplying a specially crafted
subnet-mask parameter.

Thor Lancelot Simon | 23 Jul 2009 19:08

More brief outages of ftp.netbsd.org TODAY, 2009-07-23

At or after 18:00 UTC today, July 23, 2009, there will be one or more
brief outages of ftp.netbsd.org as we prepare to rearrange services
using new and upgraded hardware.

Thor

NetBSD Security Officer | 28 Jul 2009 23:51

NetBSD Security Advisory 2009-011: ISC DHCP server Denial of Service vulnerability


		 NetBSD Security Advisory 2009-011
		 =================================

Topic:		ISC DHCP server Denial of Service vulnerability

Version:	NetBSD-current:		affected prior to 2009-07-16
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			isc-dhcpd package prior to 3.1.1p1

Severity:	Denial of Service

Fixed:		NetBSD-current:		Jul 16, 2009
		NetBSD-5-0 branch:	Jul 17, 2009
		NetBSD-5 branch:	Jul 17, 2009
		NetBSD-4-0 branch:	Jul 17, 2009
		NetBSD-4 branch:	Jul 17, 2009
		pkgsrc 2009Q2:		isc-dhcpd-3.1.1p1 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

A reference counting error in dhcpd allows a remote attacker to cause
a daemon crash by submitting requests with the same client ID on
different interfaces served by the same daemon.

NetBSD Security Officer | 28 Jul 2009 23:52

NetBSD Security Advisory 2009-012: SHA2 implementation potential buffer overflow


		 NetBSD Security Advisory 2009-012
		 =================================

Topic:		SHA2 implementation potential buffer overflow

Version:	NetBSD-current:		affected prior to 2009-05-26
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected

Severity:	Denial of Service

Fixed:		NetBSD-current:		May 26, 2009
		NetBSD-5-0 branch:	Jul 11, 2009
		NetBSD-5 branch:	Jul 11, 2009
		NetBSD-4-0 branch:	Jul 22, 2009
		NetBSD-4 branch:	Jul 22, 2009

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

An error initializing a SHA2 context causes vulnerable applications using
libcrypto to suffer from a 4- or 8-byte buffer overflow (for SHA256 and
SHA512 correspondingly) with fixed content, potentially causing
applications to crash.


NetBSD Security Officer | 29 Jul 2009 09:30

NetBSD Security Advisory 2009-013: BIND named dynamic update Denial of Service vulnerability


		 NetBSD Security Advisory 2009-013
		 =================================

Topic:		BIND named dynamic update Denial of Service vulnerability

Version:	NetBSD-current:		affected prior to 2009-07-29
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			bind package prior to 9.5.1pl3 and 9.6.1pl1

Severity:	Denial of Service

Fixed:		NetBSD-current:		July 28, 2009 21:13 UTC
		NetBSD-5-0 branch:	July 28, 2009 22:26 UTC
		NetBSD-5 branch:	July 28, 2009 22:26 UTC
		NetBSD-4-0 branch:	July 28, 2009 22:19 UTC
		NetBSD-4 branch:	July 28, 2009 22:19 UTC
		pkgsrc 2009Q2:		bind-9.5.1pl3 and bind-9.6.1pl1 correct this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

An assertion failure in the Berkeley Internet Name Domain server
software shipped in NetBSD can be used by a remote attacker to
cause the server process to crash by sending specially crafted