Re: FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver

2013-04-30 Thread Colin Percival
ded. If you don't want freebsd-update to update your kernel, remove 'kernel' from the 'Components' line in /etc/freebsd-update.conf. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly

New FreeBSD Security Officer

2012-05-20 Thread Colin Percival
er has ever been. Thank you for all the support and bug reports you've provided over the years, and please join me in welcoming Simon to his new role. Sincerely, Colin Percival - -- Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online

HEADS UP: FreeBSD 7.3 EoL coming soon

2012-03-06 Thread Colin Percival
RELENG_9_0 |9.0-RELEASE |Normal |January 10, 2012 |January 31, 2013 | +-+ - -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the trul

Re: Merry Christmas from the FreeBSD Security Team

2011-12-23 Thread Colin Percival
telnetd from most other > vendors? In particular MIT Kerberos & heimdal? It probably applies to everyone shipping BSD telnetd -- I notified the projects I could think of, but I'm sure I missed a few. Heimdal is definitely affected. I don't think MIT Kerberos ships telnetd

HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon

2010-10-31 Thread Colin Percival
, 2010|July 31, 2012| +-+ - -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

Re: MD5 Collisions...

2007-12-03 Thread Colin Percival
" I fail to see how the man page is incorrect here. What do you think it should be saying instead? Colin Percival FreeBSD Security Officer ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: missing Advisory at ftp.freebsd.org

2007-10-21 Thread Colin Percival
Robert Watson wrote: > On Fri, 5 Oct 2007, Colin Percival wrote: >>> ftp://ftp.freebsd.org/CERT/ >> >> We stopped uploading advisories there because we kept on running into >> problems with ftp mirrors being out of date, while have complete >> control over th

Re: FreeBSD 6.2 EoL =~ s/January/May/

2007-10-18 Thread Colin Percival
ither FreeBSD 6.3 or FreeBSD 7.0 > once > those have been released (hopefully by the end of December). FreeBSD 6.3 will > be supported until the end of 2009, while FreeBSD 7.0 will be supported until > the end of 2008. > > Colin Percival > FreeBSD Security Officer

Re: missing Advisory at ftp.freebsd.org

2007-10-05 Thread Colin Percival
ture (no more details). Huh? The advisories on the security.freebsd.org webserver are exactly the same files as the advisories which went to ftp.freebsd.org. Colin Percival FreeBSD Security Officer

Re: RELENG_6_2 EoL Date?

2007-08-23 Thread Colin Percival
2-RELEASE will be pushed back, probably until May 2008; I'm waiting until the 7.0-BETA cycle starts before making this change since at that point I'll have more of an idea as to when 6.3-RELEASE will happen. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6

2007-04-27 Thread Colin Percival
an IPv6 network -- both >> routers and hosts -- are required by RFC 2640 to process such headers. > > s/RFC 2640/RFC 2460/ Oops... Colin Percival

Re: OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too?

2007-03-16 Thread Colin Percival
e're not affected, especially since we didn't get > any advance notice of this; but I've asked several of our IPv6 / network > stack experts to investigate this. After hearing from a KAME developers who investigated this issue,

Re: OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too?

2007-03-14 Thread Colin Percival
ince we didn't get any advance notice of this; but I've asked several of our IPv6 / network stack experts to investigate this. Colin Percival FreeBSD Security Officer

Re: FreeBSD Security Advisory FreeBSD-SA-07:02.bind

2007-02-09 Thread Colin Percival
> Disable / restrict recursion (to limit exposure). Considering that the only FreeBSD systems which permit recursive queries are those which have been specifically configured to do so, I don't consider this to be a workaround. DoS by

Re: What about BIND 9.3.4 in FreeBSD in base system ?

2007-02-01 Thread Colin Percival
SD-SA-06:20.bind on September 6th, right? Colin Percival

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-15 Thread Colin Percival
to_fd = open(to.p_path, O_WRONLY | O_TRUNC | O_CREAT, fs->st_mode & ~(S_ISUID | S_ISGID)); Colin Percival

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-11 Thread Colin Percival
Philipp Wuensche wrote: > Colin Percival wrote: >> In the end we opted to reduce functionality (the jail startup process is >> no longer logged to /var/log/console.log inside the jail) > > That's a bummer, when Dirk showed me this problem the first time my ideas > for fix

HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-11 Thread Colin Percival
e, as well as the release engineering team for being very patient with us and delaying the upcoming release to give us time to fix this. Sincerely, Colin Percival FreeBSD Security Officer FreeBSD Security Advisories wrote: > =

EoL for FreeBSD 6.2-RC1

2006-12-18 Thread Colin Percival
g. If any advisories happen before 6.2-RELEASE, the appropriate binary updates will be available for 6.2-RC1 via FreeBSD Update. Colin Percival FreeBSD Security Officer

Re: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem

2006-12-06 Thread Colin Percival
ear opinions from the FreeBSD community about whether this sort of issue is one which anyone really cares about. Colin Percival FreeBSD Security Officer

Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

2006-10-10 Thread Colin Percival
Bill Moran wrote: > Colin Percival <[EMAIL PROTECTED]> wrote: >> This is a local denial of service bug, which was fixed 6 weeks ago in HEAD ^^^ > That was what I expected. Section III seems to hint that it could be > used by an unprivili

Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

2006-10-10 Thread Colin Percival
be corrected in a future Erratum." If there was any potential for (a) privilege escalation, (b) disclosure of potentially sensitive information, or (c) denial of service by a non-authenticated attacker, we would have issued a security advisory. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

2006-10-02 Thread Colin Percival
oretically lead to ^^ pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. Colin Percival

Re: Binary updates for SA-06:23?

2006-09-29 Thread Colin Percival
ase it matters, this is on 6.1-SECURITY/SMP with freebsd-update from > ports. Please send me the output of # ls -l /lib/libcrypto.so.4 # strings /lib/libcrypto.so.4 | grep 2006 # md5 /lib/libcrypto.so.4 Colin Percival

Re: OpenSSH DoS issue ?

2006-09-28 Thread Colin Percival
today, but delayed because of some last-minute problems.) Colin Percival

Re: Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl

2006-09-28 Thread Colin Percival
tatements like that make me uncomfortable. DH and DSA are limited to 1 bits. RSA is limited to 16400 or 4112 bits depending upon whether the public exponent is less or more than 72 bits. I wouldn't have allowed this change into the security branches if I was not ver

Re: FreeBSD Security Advisory FreeBSD-SA-06:20.bind

2006-09-06 Thread Colin Percival
he ports had the same security problems as the base system code. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-06:20.bind

2006-09-06 Thread Colin Percival
eeBSD Update builds finish). Colin Percival

FreeBSD Update [was: Re: FreeBSD Security Advisory FreeBSD-SA-06:19.openssl]

2006-09-06 Thread Colin Percival
imes later today. Colin Percival FreeBSD Security Advisories wrote: > = > FreeBSD-SA-06:19.openssl Security Advisory >

Re: http://www.openssl.org/news/secadv_20060905.txt

2006-09-05 Thread Colin Percival
blic exponent of 65537 are absolutely not vulnerable to this attack. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-06:18.ppp

2006-08-23 Thread Colin Percival
o-Point Protocol. I'll send out a revised advisory once I'm sure I have all the details right. Colin Percival

Re: Determining vulnerability to issues described by SAs

2006-06-30 Thread Colin Percival
reeBSD Update does not include updated $FreeBSD$ tags, since the new values in those tags are generated at commit time, well after the FreeBSD Update builds are run. > I'm fairly new to FreeBSD, so I may just be missing something > here--is there a reliable way to determine if a system

FreeBSD Security Survey

2006-05-21 Thread Colin Percival
se visit http://people.freebsd.org/~cperciva/survey.html and complete the survey below before May 31st, 2006. Thanks, Colin Percival FreeBSD Security Officer

Re: Freebsd-update and 6.1-RELEASE

2006-05-11 Thread Colin Percival
I wrote: > FreeBSD Update will work on FreeBSD 6.1 before the first security > advisory affecting 6.1 is released. I think I have everything in place for FreeBSD Update to run on FreeBSD 6.1. Please test and let me know if I forgot anything. Colin Pe

Re: Freebsd-update and 6.1-RELEASE

2006-05-11 Thread Colin Percival
doesn't already work is that I was getting ready for my flight to BSDCan when the release happened. Colin Percival

Re: cvs commit: src/sys/amd64/amd64 mp_machdep.c src/sys/i386/i386 mp_machdep.c

2006-04-24 Thread Colin Percival
Stefan Bethke wrote: > On 24.04.2006 at 23:17, Colin Percival wrote: >> FreeBSD src repository >> >> Modified files: >> sys/amd64/amd64 mp_machdep.c >> sys/i386/i386 mp_machdep.c > > I do not pretend to understand the background, but

Still Fundraising for FreeBSD security development

2006-04-23 Thread Colin Percival
there were several people in this position, so I'm hoping I can reach my target in the next week. As before, details about the work I plan on doing, how to donate, and a list of the donations I have received, are at http://people.freebsd.org/~cperciva/funding.html Colin Per

Re: FreeBSD Security Advisory FreeBSD-SA-06:14.fpu

2006-04-19 Thread Colin Percival
sponse at http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt Colin Percival

Re: Fundraising for FreeBSD security development

2006-04-01 Thread Colin Percival
said, if I come close to, but do not reach, my target, I'll ask the Foundation if they can make up the difference. Colin Percival

Fundraising for FreeBSD security development

2006-03-30 Thread Colin Percival
s), please contact me by email to obtain my mailing address. In either case, please let me know if you wish to remain anonymous. For more details, see http://people.freebsd.org/~cperciva/funding.html . Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

2006-03-23 Thread Colin Percival
l -d0.1 > Version 8.13.3 > > When I try to check patch (patch -C), I receive many "Hunk #n failed > at nn." see below. Try using sendmail.patch instead of sendmail411.patch. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec

2006-03-23 Thread Colin Percival
through the cracks this time. Colin Percival

Re: sendmail patches

2006-03-22 Thread Colin Percival
em. They're just not there yet. ftp.freebsd.org mirrors from ftp-master.freebsd.org; the files are on ftp-master, but they apparently haven't been mirrored yet. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-06:10.nfs

2006-03-01 Thread Colin Percival
y affects RPC messages incoming via TCP, disabling the use of TCP with NFS will correct this while still allowing NFS to run over UDP. To disable use of TCP for NFS, remove the "-t" flag from nfs_server_flags in /etc/rc.conf and reboot. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-06:01.texindex

2006-01-12 Thread Colin Percival
Richard Kojedzinszky wrote: > removed the whole /usr/obj, then issued make buildworld, but again it > failed. > My source is up to date, to RELENG_5_4, from cvsup.de.freebsd.org. > What should I try next? I don't know... buildworld works for me

Re: FreeBSD Security Advisory FreeBSD-SA-06:01.texindex

2006-01-12 Thread Colin Percival
bj tree lying around. Try deleting /usr/obj . Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-06:01.texindex

2006-01-11 Thread Colin Percival
e depend && make # cd /usr/src/gnu/usr.bin/texinfo/texindex # make obj && make depend && make && make install Colin Percival

Re: Reflections on Trusting Trust

2005-11-29 Thread Colin Percival
Kris Kennaway wrote: > On Tue, Nov 29, 2005 at 03:43:11PM -0800, Colin Percival wrote: >>Even before you get to that point, you have to worry about making sure >>that the build clients are secure. One possibility which worries me a >>great deal is that a trojan in the build c

Re: Reflections on Trusting Trust

2005-11-29 Thread Colin Percival
Kris Kennaway wrote: > Also, pkg_sign(1) has existed for a long time, but needs the support > infrastructure to make it usable. Last I heard, pkg_sign(1) became non-functional when we changed from gzipped tarballs to bzip2ed tarballs for packages. Colin Pe

Re: Reflections on Trusting Trust

2005-11-29 Thread Colin Percival
'm not willing to trust the security of every system which ever installs FreeBSD packages to the hope that nobody will ever find a security flaw which permits a jailbreak. Once Xen is more mature, I imagine that it will be very useful for performing such buil

Re: Reflections on Trusting Trust

2005-11-29 Thread Colin Percival
t need to redirect your connection > and wait 'til your next cvsup sync is done. This is why I wrote portsnap. Colin Percival

Re: More on freebsd-update (WAS: Is the server portion of freebsd-update open source?)

2005-11-01 Thread Colin Percival
e the build code I'll have to consult with the release engineering team and the user community about which kernels would be most useful. Colin Percival

Re: Is the server portion of freebsd-update open source?

2005-10-29 Thread Colin Percival
patching fails), using a caching HTTP proxy will use far less bandwidth than mirroring everything. Colin Percival

Re: Is the server portion of freebsd-update open source?

2005-10-28 Thread Colin Percival
ecurity update in sendmail and you have deleted the sendmail binaries, FreeBSD Update will ignore that particular update. Is there any reason why this is insufficient? Colin Percival

Re: Is the server portion of freebsd-update open source?

2005-10-28 Thread Colin Percival
tiple known bugs -- so I don't particularly want to expose it to public scrutiny and I doubt that it will be very useful either. Rewriting the build code is approaching the top of my todo list, but isn't there quite yet; in the meantime, if you can send me more details about what you want to do I

Re: GID Games Exploits

2005-10-16 Thread Colin Percival
ixed. If you have any details about these, please forward them to [EMAIL PROTECTED] so that we can investigate. Colin Percival FreeBSD Security Officer

Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

2005-10-12 Thread Colin Percival
Kris Kennaway wrote: > AFAIK there are no statically linked openssl applications in the > FreeBSD base system, unless someone has specifically compiled them > that way on their own. I can confirm that this is true for 4.10, 4.11, 5.3, and 5.4, at least under the default build flag

Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

2005-10-11 Thread Colin Percival
ontain the string "OpenSSL" (using fgrep). Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

2005-10-11 Thread Colin Percival
t is supported by both the client and the server, so I don't see why disabling SSLv2 entirely would be useful aside from protecting against this vulnerability. Colin Percival

Re: New FreeBSD Security Officer

2005-08-18 Thread Colin Percival
Jacques Vidrine wrote: > I asked the FreeBSD Core Team to offer the security officer role to > Colin Percival, and I am happy to say that they agreed and that Colin > accepted. [...] Thanks, Jacques, for the words of introduction. I'd like to take this opportunity to say a fe

Re: cvs commit: src/games/fortune/fortune fortune.c

2005-07-24 Thread Colin Percival
l example, the sequence MD5(0), MD5(1), MD5(2) ... looks random, but obviously isn't.) If we want to determine if the PRNG has been seeded properly, we should be querying the kernel, not trying to distinguish between "random" and "non-random" just based on its output. Col

Re: FreeBSD Security Advisory FreeBSD-SA-05:16.zlib

2005-07-07 Thread Colin Percival
> Affects:FreeBSD 5.3, FreeBSD 5.4 A few people have asked about this, so to make it clear: This issue affects FreeBSD 5.3 and FreeBSD 5.4 ONLY. FreeBSD 4.x is not affected. Colin Percival

Re: Any status on timestamp vulnerability fix for 4.X?

2005-06-29 Thread Colin Percival
Uwe Doering wrote: > So 'tcp_seq.h' needs to be patched, too. [...] Or you could just follow the instructions in FreeBSD-SA-05:15.tcp. :-) Colin Percival

Re: Perl master site changed to tobez.org?

2005-06-29 Thread Colin Percival
Michael Scheidell wrote: > How safe is this your site? This doesn't matter (much), since the ports code checks MD5 hashes before trusting a downloaded distfile. Colin Percival

Re: FreeBSD 5.4 SMP kernels now available via FreeBSD Update

2005-06-16 Thread Colin Percival
Mipam wrote: > Thanks for the kernel. > What parameters did you change in your SMP kernel. > Just curious, surely gonna try your kernel. :-) I didn't change any parameters, I just used the SMP kernel configuration from the source tree (i.e., GENERIC plus "options SMP

Re: FreeBSD 5.4 SMP kernels now available via FreeBSD Update

2005-06-15 Thread Colin Percival
Billy Newsom wrote: > Colin Percival wrote: >> It sounds like the SMP kernel I provided for FreeBSD 5.3 was quite >> popular [...] > > I'm curious how popular. Would you like to report some statistics here > on the list? As in, how many SMP downloads did you get

FreeBSD 5.4 SMP kernels now available via FreeBSD Update

2005-06-15 Thread Colin Percival
ernel/SMP # freebsd-update fetch # freebsd-update install # echo 'bootfile="SMP"' >> /boot/loader.conf and reboot. You should now find that `uname -ri` outputs "5.4-SECURITY SMP". Colin Percival ___ freeb

Re: FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]

2005-05-17 Thread Colin Percival
me. Kewl. No. On hyperthreaded systems which don't run FreeBSD or SCO, having a local account buys you an attack which would otherwise be impossible. (Unless you're running a really old version of OpenSSL.) Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]

2005-05-14 Thread Colin Percival
with no local users), you can set machdep.hyperthreading_allowed=1 in /boot/loader.conf or via the sysctl after booting, and get the benefit of hyperthreading. Colin Percival

Re: Will 5.4 be an "Extended Life" release?

2005-04-17 Thread Colin Percival
Brett Glass wrote: > At 07:42 PM 4/17/2005, Colin Percival wrote: >>FreeBSD 4.11 will be supported until at least January 2007. > > Any chance of a 4.12, incorporating some of the last bits > that have been brought into 4-STABLE... Unless someone wants to step forward with a

Re: Will 5.4 be an "Extended Life" release?

2005-04-17 Thread Colin Percival
rted for two years from its release date. Colin Percival

Re: Will 5.4 be an "Extended Life" release?

2005-04-17 Thread Colin Percival
be? My personal recommendation is to move to 5.x now; but to answer your question: Yes. FreeBSD 4.11 is supported until January 2007, and the latest plans (that I've heard, at least) have FreeBSD 6.0 coming out some time in late 2005. Colin Percival

Re: Will 5.4 be an "Extended Life" release?

2005-04-12 Thread Colin Percival
ither difficult nor time consuming) then you can expect security support until at least the second half of 2007. Colin Percival

Re: About the FreeBSD Security Advisories

2005-04-05 Thread Colin Percival
hedule. It probably took longer than usual for the ftp mirrors this time since many of them are still grabbing the 5.4-RC1 bits. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile

2005-04-05 Thread Colin Percival
ead of 'vp'. I agree that it looks a bit odd; a few people have pointed this out to us (but none of them before it was committed into the CVS tree). That said, it doesn't seem to matter, so I'm not going to go back and change the patch now. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet

2005-03-31 Thread Colin Percival
h will be written. Taking the second example, if slc_replyp == slc_reply + 126, then we will have &slc_replyp[2] == slc_reply_eom, but (looking at the code) the two final bytes will be written into slc_reply[126] and slc_reply[127]. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet

2005-03-30 Thread Colin Percival
ther affected systems if they wish. Colin Percival

Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet

2005-03-28 Thread Colin Percival
from one of four different directories. We decided that having everybody run "make buildworld" was far less prone to error than trying to explain which particular version of telnet each system would need to have rebuilt. Colin Percival

Re: no patch, is there a problem

2005-03-17 Thread Colin Percival
David Schultz wrote: > On Thu, Mar 17, 2005, Colin Percival wrote: >>We're not affected. The problem is in copyoutstr(), >>which doesn't exist in FreeBSD. > > It exists on FreeBSD/alpha because it was blindly copied from > NetBSD. However, we don

Re: no patch whats going on

2005-03-17 Thread Colin Percival
m us. stheg olloydson wrote: > According to the site, this hole was disclosed 28.2.05. I wonder > if this is the issue that Theo deRaadt was complaining about No. Colin Percival

Re: no patch, is there a problem

2005-03-17 Thread Colin Percival
Timothy Smith wrote: > http://www.securityfocus.com/bid/12825/info/ > > no patch or anything, is there any action on this? We're not affected. The problem is in copyoutstr(), which doesn't exist in FreeBSD. I've sent an email to securityfocus advising them