Re: FreeBSD Security Advisory FreeBSD-SA-15:02.kmem

2015-01-29 Thread Darren Pilgrim
On 1/28/2015 2:46 PM, Joe Holden wrote: Really, how many SCTP users are there in the wild... maybe one? It shouldn't be in GENERIC at the very least! It's used for IP-based telecom backhaul with modern POTS networks and cell networks. It's far better than TCP at handling the vagaries of voi

Re: FreeBSD Security Advisory FreeBSD-SA-14:31.ntp

2015-01-07 Thread Darren Pilgrim
On 1/7/2015 10:50 AM, Dag-Erling Smørgrav wrote: Leif Pedersen writes: It seems like -b doesn't work for upgrades though, Yes, it does. # env UNAME_r=10.1-RELEASE freebsd-update -b /j/test upgrade freebsd-update: Release target must be specified via -r option. This doesn't work

Re: FreeBSD Security Advisory FreeBSD-SA-14:31.ntp

2014-12-26 Thread Darren Pilgrim
On 12/25/2014 11:36 AM, Remko Lodder wrote: On 25 Dec 2014, at 18:46, Darren Pilgrim wrote: On 12/23/2014 3:33 PM, FreeBSD Security Advisories wrote: IV. Workaround No workaround is available, This was fixed in ports/net/ntp on Dec 20, so a workaround exists in the form of disabling the

Re: FreeBSD Security Advisory FreeBSD-SA-14:31.ntp

2014-12-25 Thread Darren Pilgrim
On 12/23/2014 3:33 PM, FreeBSD Security Advisories wrote: IV. Workaround No workaround is available, This was fixed in ports/net/ntp on Dec 20, so a workaround exists in the form of disabling the in-base version and installing the port. In the future, it would be helpful to mention such.

Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound

2014-12-17 Thread Darren Pilgrim
On 12/17/2014 12:36 AM, FreeBSD Security Advisories wrote: IV. Workaround No workaround is available, but hosts not running unbound(8) are not vulnerable. The first part of that statement is false. The dns/unbound port was fixed for CVE-2014-8602 on 9 December. Thus a valid workaround is

Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp

2014-05-02 Thread Darren Pilgrim
On 5/2/2014 1:05 PM, Xin Li wrote: Blocking inbound IP fragments is generally a good safety measure, but keep in mind that doing so could break certain applications that do require it (e.g. don't be surprised if some user behind several layers of firewalls see blank pages from your website) and t

Re: ports requiring OpenSSL not honouring OpenSSL from ports

2014-04-30 Thread Darren Pilgrim
On 4/30/2014 12:48 PM, Michael Grimm wrote: [CC'd to freebsd-ports] On 28.04.2014, at 00:50, Jamie Landeg-Jones wrote: Scot Hetzel wrote: Here's a list of some that link against /lib/libcrypto.so.7 and/or /lib/libssl.so.7 [...] devel/android-tools-adb net-p2p/transmission-cli net-p2p/tra

Re: Question about "FreeBSD Security Advisory FreeBSD-SA-13:14.openssh"

2013-11-19 Thread Darren Pilgrim
On 11/19/2013 7:44 AM, Paul Hoffman wrote: Greetings again. Why does this announcement only apply to: Affects:FreeBSD 10.0-BETA That might be the only version where aes128-gcm and aes256-gcm are in the defaults, but other versions of FreeBSD allow you to specify cipher lists in /etc/s

Re: ntpd 4.2.4p8 - up to date?

2013-11-02 Thread Darren Pilgrim
On 11/1/2013 9:05 AM, Karl Pielorz wrote: A friend who uses linux a lot happened to notice on a FreeBSD box I installed the other day and updated to 9.2-R that it's using ntpd 4.2.4p8. There are two ntpd's in ports: a newer version of the one in base (it's literally a drop in replacement) and

Re: Anything in this story of concern?

2013-09-10 Thread Darren Pilgrim
On 9/9/2013 5:51 AM, Mark Felder wrote: I'm still waiting for someone to thoroughly analyze this question What's worse: the possibility that NSA has cracked RC4 or being vulnerable to BEAST/CRIME? They're both equally bad, IMO. BEAST/CRIME are known, usable exploits. RC4 isn't proven broken

Re: Anything in this story of concern?

2013-09-08 Thread Darren Pilgrim
On 9/8/2013 9:44 PM, Ian Smith wrote: Have a look at estimates on the number of internet servers and desktops still vulnerable to BEAST, CRIME, et al. That's for the population of

Re: Replacing BIND with unbound (Was: Re: Pull in upstream before 9.1 code freeze?)

2012-07-08 Thread Darren Pilgrim
On 2012-07-08 02:31, Doug Barton wrote: On 07/07/2012 17:47, Darren Pilgrim wrote: On 2012-07-07 16:45, Doug Barton wrote: Also re DNSSEC integration in the base, I've stated before that I believe very strongly that any kind of hard-coding of trust anchors as part of the base resolver set

Re: Replacing BIND with unbound (Was: Re: Pull in upstream before 9.1 code freeze?)

2012-07-07 Thread Darren Pilgrim
On 2012-07-07 16:45, Doug Barton wrote: Also re DNSSEC integration in the base, I've stated before that I believe very strongly that any kind of hard-coding of trust anchors as part of the base resolver setup is a bad idea, and should not be done. We need to leverage the ports system for this so

Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

2006-03-22 Thread Darren Pilgrim
Does this affect all use of sendmail or just SMTP servers? Specifically, can this be locally exploited in a submission agent with no local delivery?

RE: Is CVS security on topic for this list?

2006-01-30 Thread Darren Pilgrim
From: Duane Whitty > > I'm wondering about the security implications of running a CVS server > with group write permission on the repository and various other > configuration details. Is this an appropriate discussion for this > list? If it is I have a setup I'd like some feedback on. If thi

RE: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet

2005-03-28 Thread Darren Pilgrim
Colin Percival wrote: > Will Yardley wrote: > > > > Normally, the security advisories just have you rebuild the > > program in question - wouldn't that have sufficed here? > > For historical reasons, the telnet build is rather messy: Depending > upon which options you have set in /etc/make.conf,