-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 11th of November, an intrusion was detected on two machines
within the FreeBSD.org cluster. The affected machines were taken
offline for analysis. Additionally, a large portion of the remaining
infrastructure machines were also taken offlin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
No, the Grinch didn't steal the FreeBSD security officer GPG key, and your eyes
aren't deceiving you: We really did just send out 5 security advisories.
The timing, to put it bluntly, sucks. We normally aim to release adv
Hi all,
It appears that the security fix in SA-11:05.unix exposed a bug in the linux
emulation code: Linux has a different size of sockaddr_un than FreeBSD, and
the linux emulation code was passing socket addresses through without doing
any translation first.
This appears to break all X-using Lin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been updated to
reflect the EoL (end-of-life) of FreeBSD 7.1. The new list of supported
branches is below and at <http://security.freebsd.org/>.
Users of FreeBSD 7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
On February 28th, FreeBSD 7.1 will reach its End of Life and will no longer be
supported by the FreeBSD Security Team. (This was initially scheduled to occur
today, but in light of the imminent arrival of FreeBSD 7.4 I decided to push
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
We are aware of the email forwarded by Theo de Raadt to the openbsd-tech
mailing list concerning alleged backdoor(s) in OpenBSD's IPSec stack and/or
other cryptographic code. The FreeBSD operating system contains code derived
from OpenBSD, in
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been updated to
reflect the EoL (end-of-life) of FreeBSD 6.4 and FreeBSD 8.0. Since FreeBSD
6.4 was the last remaining supported release from the FreeBSD 6.x stable
branch, support for the FreeBSD 6.x stable branch has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
On November 30th, FreeBSD 6.4 and FreeBSD 8.0 will have reached their
End of Life and will no longer be supported by the FreeBSD Security Team.
Since FreeBSD 6.4 is the last remaining supported release from the FreeBSD
6.x stable branc
Hi all,
If you haven't updated your affected systems for FreeBSD-SA-10:07.mbuf yet,
there's another reason to do it now: Exploit code was posted earlier today
to the full-disclosure list.
--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been updated
to reflect the EoL (end-of-life) of FreeBSD 7.2. The new list is below
and at <http://security.freebsd.org/>.
Users of FreeBSD 7.2 are advised to upgr
Hi all,
Several people have written to me over the past couple of days to ask about a
youtube video which allegedly shows a local root vulnerability in 8.1-beta1
being exploited.
It is possible that the video is real and someone has found a vulnerability.
It is also possible that the video is co
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
On June 30th, FreeBSD 7.2 will reach its End of Life and will no longer be
supported by the FreeBSD Security Team. Users of this release are strongly
encouraged to upgrade to FreeBSD 7.3 before that date; FreeBSD 7.3 will be
supported
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
In keeping with the FreeBSD Security Team policy concerning the EoL dates for
"Normal" support releases,
"a minimum of 12 months after the release, and for sufficient additional
time (if needed) to ensure that there is a newer rele
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been updated
to reflect the EoL (end-of-life) of FreeBSD 6.3. The new list is below
and at <http://security.freebsd.org/>.
Users of FreeBSD 6.3 are advised to upgr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
On January 31st, FreeBSD 6.3 will reach its End of Life and will no longer be
supported by the FreeBSD Security Team. Users of this release are strongly
encouraged to upgrade to a newer release before that date -- more conservative
users will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
A short time ago a "local root" exploit was posted to the full-disclosure
mailing list; as the name suggests, this allows a local user to execute
arbitrary code as root.
Normally it is the policy of the FreeBSD Security Team to not publicly
d
I wrote:
The freebsd-update bits for FreeBSD-SA-09:12.bind are now on the mirrors for
systems running FreeBSD/{i386, amd64} {6.3, 6.4, 7.1, 7.2}-RELEASE. The bits
for 8.0-BETA{1, 2} are still building and will be up later today.
The bits for 8.0-BETA{1, 2} are now on the freebsd-update mirro
Hi all,
The freebsd-update bits for FreeBSD-SA-09:12.bind are now on the mirrors for
systems running FreeBSD/{i386, amd64} {6.3, 6.4, 7.1, 7.2}-RELEASE. The bits
for 8.0-BETA{1, 2} are still building and will be up later today.
Sorry about the delay -- it takes approximately 24 hours to build a
Hi all,
There are rumours flying around about a supposed vulnerability in OpenSSH. Two
details which I've seen mentioned many times are
(a) that this exploit was used to break into a RedHat system running OpenSSH 4.3
plus backported security patches, and
(b) that "recent" versions of OpenSSH are
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been updated
to reflect the EoL (end-of-life) of FreeBSD 7.0. The new list is below
and at <http://security.freebsd.org/>. Please note that FreeBSD
7.0 was originally announced with an EoL date of February 28, 2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
On April 30th, FreeBSD 7.0 will reach its End of Life and will no longer be
supported by the FreeBSD Security Team. Users of FreeBSD 7.0 are strongly
encouraged to upgrade to FreeBSD 7.1 before that date.
Note that the End of Life d
Just to head off any complaints: Yes, a security advisory just went out, and
yes, I do know that Monday morning (for UTC and further east) / Sunday afternoon
(west of UTC) is not the most convenient time for you to be patching systems.
Unfortunately, this issue was announced publicly at CanSecWe
Hi all,
A semi-remote root exploit for telnetd was posted to the full-disclosure list
yesterday:
http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html
Because the FreeBSD security team didn't get any advance notice of this, we're
still investigating and don't have an offic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been updated
to reflect recent EoL (end-of-life) events. The new list is below and
at <http://security.freebsd.org/>. FreeBSD 5.5, FreeBSD 6.1, and
FreeBSD 6.2 h
G_7_0 |7.0-RELEASE |Normal |February 27, 2008|February 28, 2009|
+-+
Colin Percival
FreeBSD Security Officer
P.S. For clarity, this is NOT an April Fool's joke.
May 2008.
FreeBSD users should plan on upgrading to either FreeBSD 6.3 or FreeBSD 7.0 once
those have been released (hopefully by the end of December). FreeBSD 6.3 will
be supported until the end of 2009, while FreeBSD 7.0 will be supported until
the end of 2008.
Colin Percival
FreeBSD Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been
updated to reflect recent EoL (end-of-life) events. The new list is
below and at <http://security.freebsd.org/>. FreeBSD 4.11 and
FreeBSD 6.0 have `expired' an
Percival
FreeBSD Security Officer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been
updated to reflect recent EoL (end-of-life) events. The new list is
below and at <http://security.freebsd.org/>. FreeBSD 5.3 and
FreeBSD 5.4 have `expired' an
that this was going to happen, so it's a bit late
to start complaining now.
Colin Percival
FreeBSD Security Officer
|
++
Once it is released, FreeBSD 6.2 will be supported until November 30, 2007.
Colin Percival
FreeBSD Security Officer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Everyone,
The branches supported by the FreeBSD Security Officer have been
updated to reflect recent EoL (end-of-life) events. The new list is
below and at <http://www.freebsd.org/security/>. FreeBSD 4.10
has `expired' and is n
-RELEASE |Extended|May 9, 2006 |May 31, 2008 |
++
Once it is released, FreeBSD 5.5 will be supported until May 31, 2008.
Colin Percival
FreeBSD Security Officer