.7
/usr/lib32/libcrypt.so.5
/usr/lib32/librt.so.1
/usr/lib32/libthr.so.3
/var/empty
Log files are not protected.
Kind regards
Miroslav Lachman
On 24 Oct 2023, at 12:19, void wrote:
Hi,
I'd like to set append-only on an arm64 system running stable/14-n265566
(so securelevel=1) but how
can Security Team add all past vulnerabilities in to VuXML and
fix process of publishing future SAs that they will never be missed again?
Kind regards
Miroslav Lachman
On 04/05/2023 19:56, Miroslav Lachman wrote:
As was noted on FreeBSD forum [1], there is a problem with missing SA
entries in
me.sh
vulnerable in VuXML database.
Kind regards
Miroslav Lachman
-FreeBSD.html
Kind regards
Miroslav Lachman
ng patches; it is not equipped to notify users
of vulnerabilities that we do not have a patch for. Let me think on how we
might support such a thing and discuss with the team.
Will it be published (marked as vulnerable) in vuln.xml so users of
security/base-audit will be notified?
Kind regard
On 13/04/2021 06:03, Gordon Tetlow wrote:
On Apr 12, 2021, at 03:21, Miroslav Lachman <000.f...@quip.cz> wrote:
On 11/04/2021 21:49, Gian Piero Carrubba wrote:
* [Sun, Apr 11, 2021 at 09:36:05PM +0200] Miroslav Lachman:
On 11/04/2021 21:21, Gian Piero Carrubba wrote:
CCing ports-s
On 11/04/2021 21:49, Gian Piero Carrubba wrote:
* [Sun, Apr 11, 2021 at 09:36:05PM +0200] Miroslav Lachman:
On 11/04/2021 21:21, Gian Piero Carrubba wrote:
CCing ports-secteam@ as it seems a more appropriate recipient.
Vulnerabilities in base should be handled by core secteam, not ports
On 11/04/2021 21:21, Gian Piero Carrubba wrote:
CCing ports-secteam@ as it seems a more appropriate recipient.
Vulnerabilities in base should be handled by core secteam, not ports
secteam. Vuxml entries should be published together with Security
Advisories.
Miroslav Lachman
* [Sun, Apr
"lolwut" reaction was very far from
expected. Trying to neglect the problem, trying to say that FreeBSD is
not responsible for how packages behave in install time and nobody
should be upset that something sends data on install time...
Kind regards
Miroslav Lachman
8. Entitlemen
em here is that it collects and sends data right at the install
time. It is really unexpected to run installed package without user
consent. If you install Apache, MySQL or any other package the command /
daemon is not run by "pkg install" command.
This must be avoided.
Kind rega
companies have already started informing their customers about
these OpenSSL vulnerabilities.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450
https://www.openssl.org/news/vulnerabilities.html
Kind regards
Miroslav Lachman
fixed in newer patchlevel of FreeBSD 11.4 or it was
not present in 11.x at all?
Kind regards
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail t
VuXML entry or original SA?
Kind regards
Miroslav Lachman
I don't know who is responsible for adding March entries in to vuxml at
the same time as published it on the website but I really would like to
say THANK YOU.
Kind regards
Miroslav Lachman
Eugene Grosbein wrote on 2020/03/09 18:15:
09.03.2020 20:49, Cy Schubert wrote:
On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000.f...@quip.cz> wrote:
I don't know if FreeBSD is vulnerable or not. There are main Linux
distros and NetBSD listed in the article.
https://thehac
rs to remotely execute arbitrary
code on affected systems and take full control over them.
[1] https://www.kb.cert.org/vuls/id/782301/
Kind regards
Miroslav Lachman
visories.
Can somebody convince FreeBSD Security Office to publish Advisories in
vuln.xml at the same time as on the website? It is FreeBSD's own tool to
handle vulnerabilities but they are not there.
https://bugs.freebsd.org/bugzilla/show_bug.
Eugene Grosbein wrote on 2019/12/08 12:33:
08.12.2019 16:25, Miroslav Lachman wrote:
https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/
Security researchers found a new vulnerability allowing potential attackers to
hijack VPN
systems including FreeBSD, OpenBSD, macOS, iOS, and
Android.
Attacks exploiting CVE-2019-14899 work against OpenVPN, WireGuard, and
IKEv2/IPSec, but the researchers are still testing their feasibility
against Tor.
https://seclists.org/oss-sec/2019/q4/122
--
Miroslav Lachman
nly the deployment of the new /
renewed key is run as root through sudo. I don't know certbot well,
acme.sh allows to use shell scripts as hooks for actions like deployment
so it was really simple to separate cert signing and deployment of new cert.
Kind regards
Miroslav Lachman
https://www.freebsd.org/security/advisories.html?
It makes base-audit periodic useless.
https://www.freshports.org/security/base-audit/
Kind regards
Miroslav Lachman
is FreeBSD's own pet so why new SAs are not added there the same
day they are published as SA on
https://www.freebsd.org/security/advisories.html?
It makes base-audit periodic useless.
https://www.freshports.org/security/base-audit/
Kind regards
Miroslav La
Can somebody commit this easy fix, please?
It is annoying to get false alarms every day in daily security reports.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231054
Kind Regards
Miroslav Lachman
Miroslav Lachman wrote on 2018/08/31 12:24:
Miroslav Lachman wrote on 2018/08/28 00:20
Miroslav Lachman wrote on 2018/08/28 00:20:
Running pkg audit FreeBSD-10.4_11 gives me one vulnerability:
# pkg audit FreeBSD-10.4_11
FreeBSD-10.4_11 is vulnerable:
wpa_supplicant -- unauthenticated encrypted EAPOL-Key data
CVE: CVE-2018-14526
WWW:
https://vuxml.FreeBSD.org/freebsd/6bedc863
e?
Kind regards
Miroslav Lachman
olled by ssh_config.
Miroslav Lachman
Spectre and Meltdown were patched in FreeBSD 2 months ago and new
vulnerabilities in CPU are about to come.
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
Miroslav Lachman
know, is FreeBSD (our WiFi stack + hostapd /
wpa_supplicant) affected?
Yes. it is discussed at current@ with patch
https://lists.freebsd.org/pipermail/freebsd-current/2017-October/067193.html
Miroslav Lachman
: CVE-2016-10009
WWW:
https://vuxml.FreeBSD.org/freebsd/2aedd15f-ca8b-11e6-a9a5-b499baebfeaf.html
Miroslav Lachman
Xin Li wrote on 2017/01/10 08:49:
On 1/6/17 07:36, Miroslav Lachman wrote:
Miroslav Lachman wrote on 2017/01/03 14:11:
Security entries for base are in VuXML for some time so we are checking
it periodically. Now we have an alert for base sshd in 10.3-p14 and -15
too.
# pkg audit FreeBSD
Miroslav Lachman wrote on 2017/01/03 14:11:
Security entries for base are in VuXML for some time so we are checking
it periodically. Now we have an alert for base sshd in 10.3-p14 and -15
too.
# pkg audit FreeBSD-10.3_15
FreeBSD-10.3_15 is vulnerable:
openssh -- multiple vulnerabilities
CVE
://vuxml.FreeBSD.org/freebsd/2aedd15f-ca8b-11e6-a9a5-b499baebfeaf.html
1 problem(s) in the installed packages found.
But there is no advisory on
https://www.freebsd.org/security/advisories.html for this problem.
Is it a false alarm? Or did I miss something?
Miroslav Lachman
, 11.0-STABLE)
2016-09-26 20:26:19 UTC (releng/11.0, 11.0-RELEASE-p1)
CVE Name: CVE-2016-7052
I think it should be
Affects:FreeBSD 11.x
Or should be other versions listed in "Corrected"?
But older FreeBSD versions do not have OpenSSL 1.0.2 in base.
Mirosl
Mark Felder wrote on 09/07/2016 23:25:
On Thu, Aug 25, 2016, at 07:49, Miroslav Lachman wrote:
I am not sure if this is the right list or not. If not, please redirect
me to the right one.
I noticed this post from Mark Felder
https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system
ts must be trusted to run
any checks on them from parent?
The last thing - is it possible to have something like this included as
a part of ports-mgmt/pkg
Miroslav Lachman
on
FreeBSD release side and should be fixed. Some things we modified on our
installs.
Miroslav Lachman
to increase verbosity for log files.
I didn't know blacklistd. It seems very interesting. It would be nice if
somebody will port it to FreeBSD.
Miroslav Lachman
Gary Palmer wrote:
On Thu, Feb 16, 2012 at 02:01:24PM -0500, Glen Barber wrote:
On Thu, Feb 16, 2012 at 06:59:54PM +0100, Miroslav Lachman wrote:
Glen Barber wrote:
On Thu, Feb 16, 2012 at 06:04:34PM +0100, Miroslav Lachman wrote:
Hi,
I see it many times before, but never take a time to
with gzip,
there is no difference, with bzip2 there is only 2KB more.
Again - I understand your view, but I still think that using new ISO
date format is an improvement.
Cheers,
Miroslav Lachman
2k problem and dates with YY format instead of -
it was fine for many years...
But did you notice that almost everything else is already logging with
year in date?
Miroslav Lachman
Sergey Kandaurov wrote:
2012/2/16 Miroslav Lachman <000.f...@quip.cz>:
Hi,
I see it many times before, but never take a time to post about it.
Scripts in /etc/periodic are grepping logs for yesterday date, but without
specifying year (because some logs do not have year logged).
This resu
I re-add list to CC.
Gregory Orange wrote:
Hi Miroslav,
I don't know if this message really contributes anything to the list, so
I'll email you directly.
On 17/02/12 01:04, Miroslav Lachman wrote:
I see it many times before, but never take a time to post about it.
Well, tha
Glen Barber wrote:
On Thu, Feb 16, 2012 at 06:04:34PM +0100, Miroslav Lachman wrote:
Hi,
I see it many times before, but never take a time to post about it.
Scripts in /etc/periodic are grepping logs for yesterday date, but
without specifying year (because some logs do not have year logged
Maybe some others, I did just a quick grep -rsn 'date -v-1d'
/etc/periodic and I don't know the logic used in other script to get
yesterday messages.
What do you think about it?
Miroslav Lachman
obj/usr/src/usr.sbin/ntp/ntpd/../libparse/libparse.a. Stop
Try
cd /usr/src/usr.sbin/ntp
instead of
cd /usr/src/usr.sbin/ntp/ntpd
Miroslav Lachman
f the patch on
http://wiki.freebsd.org/Jails
Miroslav Lachman
using security/rkhunter from ports. It is really easy to setup and
configure.
I have some local scripts for periodic reports which I plan to submit in
to PR database.
Miroslav Lachman
etter security called Suhosin. After
installation of this extension you have better control of what you want
to disable, or enable.
http://www.hardened-php.net/suhosin/configuration.html
Author of this extension was developer in PHP security team.
Miroslav La
WITH_OPENSSL=yes',
'OVERWRITE_DB=no',
],
}
AFTERINSTALL = {
'databases/mysql41-server' => proc { |origin|
cmd_enable_rc(origin) + ';' + cmd_restart_rc(ori
49 matches