ntpd 4.2.4p8 - up to date?

Hi, A friend who uses linux a lot happened to notice on a FreeBSD box I installed the other day and updated to 9.2-R that it's using ntpd 4.2.4p8. They reckon that's had a lot of issues (e.g. CVE reports) against it - and it should be newer. I'm sure the one it has been 'updated' with is s

Re: ntpd 4.2.4p8 - up to date?

--On 2 November 2013 01:18:24 +0100 Dimitry Andric wrote: [1] http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html That page lists a bunch of CVEs, and the relevant ones have already had FreeBSD security advisories: CVE-2009-3563 http://www.freebsd.org/security/advi

Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp

--On 30 April 2014 04:35:10 + FreeBSD Security Advisories wrote: II. Problem Description FreeBSD may add a reassemble queue entry on the stack into the segment list when the reassembly queue reaches its limit. The memory from the stack is undefined after the function returns. Subseq

Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp

--On 1 May 2014 11:42:10 -0700 Xin Li wrote: Does this require an established TCP session to be present? - i.e. If you have a host which provides no external TCP sessions (i.e. replies 'Connection Refused' / drops the initial SYN) would that still be potentially exploitable? No. An establis

Re: FreeBSD Security Advisory FreeBSD-SA-14:14.openssl

--On 05 June 2014 13:16 + FreeBSD Security Advisories wrote: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in http://www.FreeBSD.org/handbook/makeworld.html>. Hi, Is it necessary to build/install the entire wo

sshd Library order fix, not patched by freebsd-update?

Hi, A long time ago (around 2014/04/12) a number of people (including me) found an issue with sshd - to do with the library bind order (as best as I can explain) - whereby sshd would get 'stuck' and leave a lot of zombied sshd's hanging around. This was traced eventually to libthr being 'afte

FreeBSD Security Advisory FreeBSD-SA-15:04.igmp (fwd) - ipfw fix?

Hi, Presumably if you don't need IGMP, ipfw can be used to mitigate this on hosts until they're patched / rebooted, i.e. ipfw add x deny igmp from any to any ? Thanks, -Karl -- Forwarded Message -- Date: 25 February 2015 06:29 + From: FreeBSD Security Advisories To:

Re: FreeBSD Security Advisory FreeBSD-SA-15:04.igmp (fwd) - ipfw fix?

--On 25 February 2015 18:21 +0100 Remko Lodder wrote: This suggests that you can filter the traffic: Block incoming IGMP packets by protecting your host/networks with a firewall. (Quote from the SA). It does, but it doesn't specifically say whether ipfw on *the host that's being protecte