The FreeBSD Security Team have identified a little bug in FreeBSD where a lost mbuf flag can result in data loss. “I. Background An mbuf is a basic unit of memory management in the FreeBSD kernel inter-process communication and networking subsystem. Network packets and socket buffers are dependent on mbufs for their storage. Data can [...]
8. June 2010
On June 30th, FreeBSD 7.2 will reach its End of Life and will no longer be supported by the FreeBSD Security Team. Users of this release are strongly encouraged to upgrade to FreeBSD 7.3 before that date; FreeBSD 7.3 will be supported until the end of March 2012. Please note that since FreeBSD 7.1 has [...]
29. May 2010
The FreeBSD Security Team has issued the following security advisories: FreeBSD-SA-10:04.jail, FreeBSD-SA-10:06.nfsclient, FreeBSD-SA-10:05.opie. Read the advisories to see how your system is affected and how you can update it.
5. March 2010
A problem has been identified with the FreeBSD 7 series ULE scheduler: FreeBSD has two schedulers: the classic 4BSD scheduler and a newer, more SMP-aware scheduler called ULE. The 4BSD scheduler was the default scheduler until FreeBSD 7.0. Starting with FreeBSD 7.1 the default scheduler is ULE. The scheduler is responsible for allocating CPU [...]
4. December 2009
A security bug in the latest version of FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher discovered. The flaw is present in FreeBSD 8.0 and is known to affect versions 7.1 and 7.2. “A short time ago a “local root” exploit was posted to the full-disclosure mailing list; as [...]
10. November 2009
Researchers Chitti Nimmagadda and Dorr H. Clark of Santa Clara University seem to have discovered and reported a bug in usr/src/sys/fs/fifofs/fifo_vnops.c of FreeBSD 8.0-STABLE release as reported on the FreeBSD bugs mailing list. We believe we have identified a significant resource leak present in 6.x, 7.x, and 8.x. We believe this is a regression versus FreeBSD [...]
5. October 2009
The FreeBSD Security Team has issued the following security warnings: FreeBSD-SA-09:14.devfs – Devfs / VFS NULL pointer race condition; FreeBSD-SA-09:13.pipe – kqueue pipe race conditions; FreeBSD-EN-09:05.null – No zero mapping feature. For background info, problem description, impact, workaround and solutions, have a look at the individual advisory pages.
30. July 2009
The FreeBSD Security Team has issued the following security warning: FreeBSD-SA-09:12.bind – BIND named(8) dynamic update message remote DoS For background info, problem description, impact, workaround and solution, have a look at the advisory page: bind
15. June 2009
The FreeBSD Security Team has issued the following security warnings: FreeBSD-SA-09:11.ntpd – ntpd stack-based buffer-overflow vulnerability; FreeBSD-SA-09:10.ipv6 – Missing permission check on SIOCSIFINFO_IN6 ioctl; FreeBSD-SA-09:09.pipe – Local information disclosure via direct pipe writes. For background info, problem description, impact, workaround and solutions, have a look at the individual advisory pages.
23. April 2009
The FreeBSD Security Team has issued the following security warnings: FreeBSD-SA-09:08.openssl – Remotely exploitable crash in OpenSSL; FreeBSD-SA-09:07.libc – Information leak in db(3). For background info, problem description, impact, workaround and solution, have a look at the individual advisory pages: openssl | libc
16. July 2010