Countdown to importing BHyVe into FreeBSD

The BHyVe “BSD HyperVisor” developers Neel Natu and Peter Grehan have been hard at work preparing the project for merger into the main FreeBSD 10-CURRENT source tree and the result is a remarkably-usable system. These instructions will show you how to test a development snapshot based on FreeBSD 10.

Check out the CFT page for the instructions.

If you’re interested in finding out more about BHyve, visit the following pages: BHyVe Wiki  |  PDF presentation

 

FreeBSD Security Advisory (Bind)

The FreeBSD Security Team has identified an issue in Bind and has issued the following security advisory: FreeBSD-SA-12:06.bind (22/11/2012).

I. Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server.

II. Problem Description

The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes. The BIND daemon would lock up when a query is made on specific combinations of RDATA.

III. Impact

A remote attacker can query a resolving name server to retrieve a record whose RDATA is known to be larger than 65535 bytes, thereby causing the resolving server to crash via an assertion failure in named.

For a workaround and solution, check out the security advisory: FreeBSD-SA-12:06.bind

An attacker who is in a position to add a record with RDATA larger than 65535 bytes to an authoritative name server can cause that server to crash by later querying for that record.

The attacker can also cause the server to lock up with specific combinations of RDATA.

GhostBSD 3.0 RC3 available for testing

Eric Turgeon has announced the availability of the third release candidate for GhostBSD 3.0. GhostBSD is a FreeBSD derivative that aims to make FreeBSD easier and bring GNOME to BSD users, although LXDE and OpenBox are also available. The third and last release candidate for upcoming 3.0 was recently released for final testing.

The third release candidate of GhostBSD 3.0 is now supporting Gnome 2, LXDE and Openbox Desktop and it is now available for testing. This is the last development release. While this is a release candidate, it might contain some bugs and other problems, which have not been discovered during beta tests so we still only encourage you to run it only on non-critical systems. Openbox is now part of GhostBSD development.

Announcement

PC-BSD 9.1 RC3 available for testing

According to a PC-BSD blog post, RC3 images for the upcoming PC-BSD 9.1 are now available for i386 and amd64 architectures.

Notable changes since the previous release candidate:

  • PC-BSD handbook has been updated for 9.1
  • Fixed bug where some keyboard layouts were not being displayed
  • Multiple functionality and stability improvements for EasyPBI
  • Multiple functionality and stability improvements for TrueOS
  • New functionality improvements including better detection added to the mount-tray
  • Fixed bug where default mount points were not being set correctly using ZFS mirror/raidz mode
  • Fixed bug where update manager was not displaying the proper error text when failing
  • Added new ability to create ZFS datasets for jail environments
  • Added UK wireless channel 12 support
  • Fixed bug where Linux jails were not importing properly
  • Mirrors are now auto detected and set based upon location
  • Automatic ZFS 4K blocksize enabled by default
  • System manager should now show the correct dialog for “default”
    auto-detected mirrors.

If you come across any issues or bugs, please let the team know via the testing mailinglist.

Security Incident on FreeBSD Infrastructure

The FreeBSD Security Team has announced that on 11 November two servers as part of the FreeBSD.org hosting infrastructure have been compromised.

The compromise is believed to have occurred due to the leak of an SSH key from a developer who legitimately had access to the machines in question, and was not due to any vulnerability or code exploit within FreeBSD.

No part of the base FreeBSD system has been put at risk and at no point has the intruder modified any part of the FreeBSD base system software. However, the attacker had access sufficient to potentially allow the compromise of third-party packages. No evidence of this has been found during in-depth analysis.

On Sunday 11th of November, an intrusion was detected on two machines within the FreeBSD.org cluster. The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution.
We have found no evidence of any modifications that would put any end user at risk. However, we do urge all users to read the report available at http://www.freebsd.org/news/2012-compromise.html and decide on any required actions themselves. We will continue to update that page as further information becomes known. We do not currently believe users have been affected given current forensic analysis, but we will provide updated information if this changes.
As a result of this event, a number of operational security changes are being made at the FreeBSD Project, in order to further improve our resilience to potential attacks. We plan, therefore, to more rapidly deprecate a number of legacy services, such as cvsup distribution of FreeBSD source, in favour of our more robust Subversion, freebsd-update, and portsnap models.
More information is available at http://www.freebsd.org/news/2012-compromise.html

M0n0wall 1.34 Released

Manuel Kasper has announced a maintenance version in the m0n0wall 1.3 branch: m0n0wall 1.34. This version includes CSRF-related fixes as well as a few other security-relevant updates.

There are no major functionality changes, but those who use the traffic shaper extensively may be interested in the fact that the rules can now finally be moved around just like on the firewall rules page.

M0n0wall website  |  Downloads and Changelog  |  Announcement

About M0n0BSD: M0n0wall is an embedded firewall distribution based on FreeBSD, and provides a small image which can be put on and run from CF cards, CD-Roms and hard disks. It also runs on a number of embedded platforms and virtual PCs.

New FreeBSD Foundation Funded Project: Porting Efika

The FreeBSD Foundation has announced that Aleksandr Rybalko has been awarded a grant to port FreeBSD to the Genesi Efika MX SmartBook laptop and SmartTop nettop devices.

Both use the Freescale i.MX515, an ARM Cortex-A8 System-on-Chip (SoC). These low power devices will provide convenient reference platforms for FreeBSD on ARM, as they are low-cost complete systems. The Smartbook includes a 10″ display, 3G connectivity and a battery life of 6 to 8 hours for $199.

When this project is completed, it will be possible to run X11 applications on FreeBSD on the Efika, with full support for sound and networking.  It will also make it much easier to support other devices, such as some Android tablets, that ship with the i.MX515 SoC.

This project will be completed by the end of 2012.

Efika is a line of power efficient ARM architecture and Power Architecture based computers manufactured by Genesi. In Esperanto efika means “efficacious, effective, or efficient” (wikipedia).