New MIT KRB5 Port

nd me an email. Cheers, Cy Schubert <[EMAIL PROTECTED]> Web: http://www.komquats.com and http://www.bcbodybuilder.com FreeBSD UNIX: <[EMAIL PROTECTED]> Web: http://www.FreeBSD.org BC Government: <[EMAIL PROTECTED]> "Lift long enough and I believe arrogance is

Re: New FreeBSD Security Officer

ars, and please extend the > same and more for Colin! Cheers, > -- > Jacques Vidrine <[EMAIL PROTECTED]> Jacques, I'd like to express my appreciation for all the work you have done as the FreeBSD Security Officer. Thank you. Cheers, Cy Schubert <[EMAIL P

krb5-1.4.3 is released (fwd)

ere). I should have the upgraded port committed sometime during the weekend. Cheers, Cy Schubert <[EMAIL PROTECTED]> Web: http://www.komquats.com and http://www.bcbodybuilder.com FreeBSD UNIX: <[EMAIL PROTECTED]> Web: http://www.FreeBSD.org BC Government: <[EMAIL PROTECTED]

Upcoming Tripwire Port Upgrade

before the February 20 ports change freeze. Any and all testing would be greatly appreciated. A copy of the port can be found at http://komquats.com/~cy/tripwire-port-060 213.tar.bz2. Cheers, Cy Schubert <[EMAIL PROTECTED]> Web: http://www.komquats.com and http://www.bcbodybuilder.

Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

src/usr.sbin/sendmail. > > This is on > 4.11-STABLE FreeBSD 4.11-STABLE #0: Mon Feb 13 17:36:36 EST 2006 I had no problems building on my 4.11 ports build testbed at home nor any of the 4.11 systems we still have here at work. I did a CVSup though. -- Regards,

HEADS UP: Krb5-1.5

port to build 1.5 if static libraries are not wanted and build 1.4.3 if they are wanted. Static libraries are not a high priority for the Kerberos project at the moment. -- Cheers, Cy Schubert <[EMAIL PROTECTED]> FreeBSD UNIX: <[EMAIL PROTECTED]> Web: http:

(no subject)

ved: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.13.6/8.13.6) with ESMTP id k65FdRet034238 for ; Wed, 5 Jul 2006 08:39:27 -0700 (PDT) (envelope-from [EMAIL PROTECTED]) Message-Id: <[EMAIL PROTECTED]> X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.2 From

Re: HEADS UP: Krb5-1.5

In message <[EMAIL PROTECTED]>, Cy Schubert writes: > There is an issue with the new Kerberos 1.5. It does not currently support > building static libraries. I'm willing to leave the port at 1.4.3 until MIT > fixes the static library build. OTOH, if folks want 1.5, witho

CVE-2016-5696 - Interesting Read

Hi, Though this is not related to FreeBSD (Linux actually), the URL http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf is an interesting read. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few

Re: New Security Officer

; Thank you for all the support and bug reports you've provided over the > years, and please join me in welcoming Gordon to his new role. Hi Xin: Thank you for your dedicated service. Congrats Gordon and thank you for stepping in. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.

RE: http subversion URLs should be discontinued in favor of https URLs

No worries, telnet and ftp are in my sights. --- Sent using a tiny phone keyboard. Apologies for any typos and autocorrect. This old phone only supports top post. Apologies. Cy Schubert or The need of the many outweighs the greed of the few. --- -Original Message- From: Steve Clement

Re: http subversion URLs should be discontinued in favor of https URLs

org. For > > Blimey! You're either very brave, or haven't read the thread fully! :-) This discussion reminds me of some of my clients in which telnet, telnetd, ftp, and ftpd are not installed without departmental SO and CIO approval. -- Cheers, Cy Schubert FreeBSD UNIX: Web

RE: Intel hardware bug

According to a Red Hat announcement, Power and Series z are also vulnerable. --- Sent using a tiny phone keyboard. Apologies for any typos and autocorrect. Also, this old phone only supports top post. Apologies. Cy Schubert or The need of the many outweighs the greed of the few

RE: Intel hardware bug

SPARC definitely does out of order execution. --- Sent using a tiny phone keyboard. Apologies for any typos and autocorrect. Also, this old phone only supports top post. Apologies. Cy Schubert or The need of the many outweighs the greed of the few. --- -Original Message- From: Eric

RE: Intel hardware bug

https://access.redhat.com/security/vulnerabilities/speculativeexecution?sc_cid=701f200tsLNAAY&; --- Sent using a tiny phone keyboard. Apologies for any typos and autocorrect. Also, this old phone only supports top post. Apologies. Cy Schubert or The need of the many outweighs the gree

VMware pulling Intel specter patches

Might we be jumping the gun with updated firmware in devcpu-data? https://www.reddit.com/r/sysadmin/comments/7qjnfx/vmware_pulled_spectre_patches_on_friday/ --- Sent using a tiny phone keyboard. Apologies for any typos and autocorrect. Also, this old phone only supports top post. Apologies. Cy

RE: SQLite vulnerability

Base needs updating. --- Sent using a tiny phone keyboard. Apologies for any typos and autocorrect. Also, this old phone only supports top post. Apologies. Cy Schubert or The need of the many outweighs the greed of the few. --- -Original Message- From: Roger Marquis Sent: 17/12/2018

Spoiler Alert

This came over my phone's news feed. Another example that Colin Percival was right when he wrote his paper on exploiting cache for fun and profit many years ago. https://arxiv.org/pdf/1903.00446.pdf -- Pardon the typos and autocorrect, small keyboard in use. Cheers, Cy Schubert FreeBSD

Re: Spoiler Alert

e for fun and prof= > it many years ago. > >=20 > > Weird machines are weird. > Not-weird machines are dead-slow :-( Picking a random email in this thread to reply. The problem is that there are so many of these Spectre class of exploits that we collectively roll our eyes. Yet anot

Re: Spoiler Alert

f proprietary software so the hardware vendor is much more free > to change the implementation without maintaining hardware-level (or > even ISA-level) compatibility. And a lot more hardware explicit > fetch/store to different levels of the memory hierarchy. Kind of like the Cray

Re: TCP SACK (CVE-2019-5599)

t;Cheers, >Hiren They post a workaround patch in their advisory. As RACK is their contribution, I suppose one of their people who are committers might want to commit it. -- Pardon the typos and autocorrect, small keyboard in use. Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org

Re: Old Stuff

reebsd-security >>> To unsubscribe, send any mail to " >>> freebsd-security-unsubscr...@freebsd.org" >>> >> >___ >freebsd-security@freebsd.org mailing list >https://lists.freebsd.org/mailman/listinf

Re: Old Stuff

_ >freebsd-security@freebsd.org mailing list >https://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to >"freebsd-security-unsubscr...@freebsd.org" Ahh, the latest rowhammer attack, rambled. Avo

Re: Old Stuff

In message , Cy Schubert wr ites: > On July 24, 2019 10:29:12 AM PDT, Luke Crooks wrot > e: > >Clearly you underestimate the technical debt for both hardware and > >software > >technologies, still very much in use today. > > > > > > > >Luke Croo

Re: libarchive issue ?

rable to this particular issue ? I think as fix was > > __FBSDID("$FreeBSD: > stable/12/contrib/libarchive/libarchive/archive_read_support_filter_lz4.c > 353375 2019-10-09 22:18:01Z mm $"); > > but just wanted to make sure Parsing the commit log messages, we're beyond

795-bit RSA Factored

To spice up a slow news day. https://lists.gforge.inria.fr/pipermail/cado-nfs-discuss/2019-December/001139.html -- Pardon the typos and autocorrect, small keyboard in use. Cy Schubert FreeBSD UNIX: Web: https://www.FreeBSD.org The need of the many outweighs the greed of the few. Sent

Re: Critical PPP Daemon Flaw

ebase from NetBSD. I haven't looked at what Red Hat has, no comment about theirs. However it would be prudent to verify our pppd isn't also vulnerable. -- Pardon the typos and autocorrect, small keyboard in use. Cy Schubert FreeBSD UNIX: Web: https://www.FreeBSD.org The need of

Re: vuxml entry error for krb5

ince 1.18 is no longer supported by MIT and is also vulnerable its expiry date has been accelerated to the end of this month. MIT supports only N and N-1. I'm currently considering reducing this from a year to six months when 1.21 is released. > > -GAWollman > > -- Cheers,

Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping

actices. They gave their CEO an account on the OSF/1 machine with the account name of ceo and a password of, you guessed it, ceo. The CEO never logged in once -- as if the CEO would log into some random UNIX box on the raised floor. I was surprised they didn't get broken into more often than the number of times they did. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0

Re: help regarding IP address spoofing (when using nmap)

It works fine without the source spoofing but doesn't when I use > it. I can however use my own machine's source IP address with > the '-S' option. As you can see from above it worked fine here. Were you running it under root or some other account? Was

Re: securelevel 1

level when done properly would present similar challenges. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0 In message <663fd243-94ec-40c1-ac66-ca8e3d5f2...@quip.cz>, Miroslav Lachman wr

Re: securelevel 1

g logs can be time consuming and a little challenging as one must keep a lot of information in mind when working with multiple machines. But with logs sent to a single server a person can use software designed to correlate logs. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0 

Re: Disclosed backdoor in xz releases - FreeBSD not affected

r also required sshd be linked against liblsma (because libsystemd requires it). OpenSSH doesn't use liblzma by default. liblzma is a systemd requirement. BTW, Lasse Collin's GH account and the xz repo have been re-enabled. It was pointed out to me at $JOB yesterday that he's bee

Re: CVE 2024 1931 - unbound

s at least an advisory cautioning users of > FreeBSD not to enable ede, if not a patch to address it. That would be an MFS of 335c7cda12138f2aefa41fb739707612cc12a9be from stable/14 to releng/14.0 (releng/14.1 already has it) and a corresponding MFS from stable/13 to releng/13.{2,3}. > >

Re: CVE 2024 1931 - unbound

On Wed, 3 Jul 2024 16:29:38 -0700 Cy Schubert wrote: > On Wed, 3 Jul 2024 13:00:41 + > "Wall, Stephen" wrote: > > > > From: Dag-Erling Smørgrav > > > The base system unbound is meant to be used with a configuration > > > generated by > &

OpenSSL Security Advisory (fwd)

Is this something we need to concern ourselves with? -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0 --- Forwarded Message Date:Tue, 03 Sep 2024 17:48:34 +0200 From:Tomas Mraz