From owner-freebsd-announce Thu Oct 10 06:03:22 2002
Date: Thu, 10 Oct 2002 06:03:17 -0700 (PDT)
Message-Id: <200210101303.g9AD3HPe040090@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Notice FreeBSD-SN-02:06
Reply-To: security-advisories@freebsd.org

=============================================================================
FreeBSD-SN-02:06                                            Security Notice
                                                          The FreeBSD Project

Topic:          security issues in ports

Announced:      2002-10-10

I.   Introduction

Several ports in the FreeBSD Ports Collection are affected by security
issues. These are listed below with references and affected versions.
All versions given refer to the FreeBSD port/package version numbers.
The listed vulnerabilities are not specific to FreeBSD unless otherwise
noted.
These ports are not installed by default, nor are they ``part of
FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of
third-party applications in a ready-to-install format. FreeBSD makes
no claim about the security of these third-party applications. See
for more information about the FreeBSD Ports Collection.

II.  Ports

+------------------------------------------------------------------------+
Port name:      apache13, apache13+ipv6, apache13-fp, apache13-modssl
                and apache13-ssl
Status:         Fixed (apache13, apache13+ipv6, apache13-fp and
                apache13-modssl)
                Not fixed (apache13-ssl)
Affected:       versions < apache+ipv6-1.3.27
                versions < apache+mod_ssl-1.3.27+2.8.11
                versions < apache-1.3.27
                versions < apache_fp-1.3.27
                versions < ru-apache-1.3.27.30.16

Attackers can cause httpd to spawn new processes, or can kill other
processes, resulting in denial of service.

+------------------------------------------------------------------------+
Port name:      gaim
Affected:       versions < gaim-0.59.1
Status:         Fixed

The URL handler in the manual browser option for Gaim before 0.59.1
fails to escape shell metacharacters in links.

+------------------------------------------------------------------------+
Port name:      gallery
Affected:       versions < gallery-1.3.1
Status:         Fixed

Remotely exploitable.

+------------------------------------------------------------------------+
Port name:      gtar
Affected:       versions < gtar-1.13.25_5
Status:         Fixed

Directory traversal bug allows files to be overwritten unexpectedly
when an archive is extracted.

+------------------------------------------------------------------------+
Port name:      hylafax
Affected:       versions < hylafax-4.1.3
Status:         Fixed

Format string vulnerability and buffer overflow resulting in potential
denial of service attack, arbitrary code execution as root, and
elevation of privilege.
+------------------------------------------------------------------------+
Port name:      linux_base-6
Affected:       versions < linux_base-6.1_2
Status:         Fixed

Multiple vulnerabilities in Xlib.

+------------------------------------------------------------------------+
Port name:      linux_base and linux_base-6
Affected:       versions < linux_base-7.1_1 (linux_base)
                versions < linux_base-6.1_2 (linux_base-6)
Status:         Fixed

XDR RPC and resolver buffer overflows in glibc.

+------------------------------------------------------------------------+
Port name:      linux-flashplugin
Affected:       versions < linux-flashplugin-5.0r50
Status:         Fixed

A buffer overflow allowed execution of arbitrary code. Another bug
allowed the contents of users' files to be sent to a malicious Web
server.

+------------------------------------------------------------------------+
Port name:      mozilla, mozilla-devel
Affected:       versions < mozilla-1.0.1_1,2 (mozilla)
                versions < linux-mozilla-1.0_1 (mozilla-devel)
Status:         Not fixed

An overflow exists in the Chatzilla IRC client. It can cause Mozilla to
crash even if the demonstration page does not cause the crash.
According to Robert Ginda, the bug does not allow execution of
malicious code.

Chatzilla had been disabled in the affected ports, but it was
inadvertently enabled again. The presence of Chatzilla is indicated by
an icon in the status bar, by an item in the Window menu, and by the
existence of the chatzilla.jar file. As a workaround, remove
chatzilla.jar.

+------------------------------------------------------------------------+
Port name:      opera
Affected:       versions < opera-6.03.20020813
Status:         Fixed

Buffer overflows in OpenSSL may allow execution of arbitrary code.
+------------------------------------------------------------------------+
Port name:      php
Affected:       versions mod_php4-4.0.5 to mod_php4-4.2.2
                versions >= php4-4.0.5 to php4-4.2.2
Status:         Fixed

Possible execution of arbitrary code via mail() function.

+------------------------------------------------------------------------+
Port name:      pkzip
Affected:       all versions
Status:         Not Fixed

If the -rec option is used when extracting an archive, files with "/"
as the first character in the path, or with "../" may be extracted.

+------------------------------------------------------------------------+
Port name:      qmailadmin
Affected:       versions < qmailadmin-1.0.6
Status:         Fixed

Installs setuid with exploitable buffer overflow leading to privileges
of `vpopmail' user.

+------------------------------------------------------------------------+
Port name:      unzip
Affected:       versions < unzip-5.50
Status:         Fixed

Files with "/" as the first character in the path, or with "../" in
the path may be extracted from an archive.

+------------------------------------------------------------------------+
Port name:      webmin
Affected:       versions < webmin-1.020
Status:         Fixed

A prepackaged SSL key was identical for every installation, allowing
sessions to be hijacked.

+------------------------------------------------------------------------+
Port name:      XFree86-4, XFree86-4-Server, XFree86-4-NestServer,
                XFree86-4-VirtualFramebufferServer, XFree86-4-libraries,
                XFree86-4-clients
Affected:       versions < XFree86-Server-4.2.1_1
                versions < XFree86-libraries-4.2.1_1
                versions < XFree86-clients-4.2.1_1
                versions < XFree86-NestServer-4.2.1
                versions < XFree86-VirtualFramebufferServer-4.2.1
Status:         Fixed

Arbitrary code execution in privileged clients; overwriting restricted
shared memory segments; others.
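A pre-extraction check for the gtar, pkzip and unzip entries above, added here as an example and not part of the FreeBSD notice or of those tools: it reads an archive listing (the output of "tar -tf" or "unzip -Z1") and flags the two member-path shapes the notice names, a leading "/" and a "../" component, so an admin can refuse to extract with an unfixed version. The sample listing is constructed.

```sh
#!/bin/sh
# Added example, not part of the FreeBSD Security Notice: audit the member
# paths of an archive before extracting it with a gtar, pkzip or unzip older
# than the fixed versions named above. Reads one member path per line on
# stdin (as printed by "tar -tf" or "unzip -Z1"), prints every unsafe path,
# and returns 1 if any was found so the caller can refuse to extract.

check_archive_paths() {
    unsafe=0
    while IFS= read -r path; do
        case "$path" in
            /*)
                # Absolute path: written outside the extraction directory.
                printf 'UNSAFE (absolute): %s\n' "$path"; unsafe=1 ;;
            ..|../*|*/..|*/../*)
                # A ".." path component can climb out of the extraction tree.
                printf 'UNSAFE (traversal): %s\n' "$path"; unsafe=1 ;;
        esac
    done
    return $unsafe
}

# Constructed sample listing (not from a real archive): three ordinary
# entries plus the path shapes the notice describes.
sample_listing='src/
src/main.c
src/../../outside.txt
/tmp/escaped.txt
docs/README
..'

# Real-world use: tar -tf archive.tar | check_archive_paths && tar -xf archive.tar
printf '%s\n' "$sample_listing" | check_archive_paths || echo "refusing to extract"
```

Only "/"-separated paths are checked, as in the notice; a name such as "a..b/c.txt" passes because ".." must be a whole path component to matter.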
+------------------------------------------------------------------------+
Port name:      xinetd
Affected:       versions < xinetd-2.3.7
Status:         Fixed

A file descriptor leak in xinetd could give an unprivileged process the
ability to terminate the master xinetd process.

+------------------------------------------------------------------------+

III. Upgrading Ports/Packages

To upgrade a fixed port/package, perform one of the following:

1) Upgrade your Ports Collection and rebuild and reinstall the port.
   Several tools are available in the Ports Collection to make this
   easier. See:

     /usr/ports/devel/portcheckout
     /usr/ports/misc/porteasy
     /usr/ports/sysutils/portupgrade

2) Deinstall the old package and install a new package obtained from

   [i386]
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/

   Packages are not automatically generated for other architectures at
   this time.

+------------------------------------------------------------------------+

FreeBSD Security Notices are communications from the Security Officer
intended to inform the user community about potential security issues,
such as bugs in the third-party applications found in the Ports
Collection, which will not be addressed in a FreeBSD Security Advisory.
Feedback on Security Notices is welcome at .

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message

From owner-freebsd-announce Thu Oct 10 07:47:58 2002
Date: Thu, 10 Oct 2002 07:47:54 -0700
From: Murray Stokely
To: announce@FreeBSD.org
Subject: FreeBSD 4.7 Now Available
Message-ID: <20021010074754.A1982@freebsdmall.com>
X-GPG-Key-ID: 1024D/0E451F7D
X-GPG-Key-Fingerprint: E2CA 411D DD44 53FD BB4B 3CB5 B4D7 10A2 0E45 1F7D

I am happy to announce the availability of FreeBSD 4.7-RELEASE, the
latest release of the FreeBSD -STABLE development branch. Since FreeBSD
4.6-RELEASE in June 2002, we have updated a number of software programs
in the base system, such as GCC and sendmail. Several new drivers have
been added for USB devices and disk controllers. We have also
incorporated updates for XFree86 and our Linux compatibility libraries.
FreeBSD 4.7 also incorporates all of the security and bug fixes from
4.6.2 (released in August 2002), including several ATA-related bugfixes,
updates for OpenSSL and OpenSSH, and fixes to address several security
advisories.

For a complete list of new features and known problems, please see the
release notes and errata list, available here:

  http://www.FreeBSD.org/releases/4.7R/relnotes.html
  http://www.FreeBSD.org/releases/4.7R/errata.html

For more information about FreeBSD release engineering activities
(including information about the upcoming FreeBSD 5.0), please see:

  http://www.FreeBSD.org/releng/

Availability
------------

FreeBSD 4.7-RELEASE supports the i386 and alpha architectures and can be
installed directly over the net using the boot floppies or copied to a
local NFS/FTP server. Distributions for the i386 are available now. As
of this writing, the final builds for the alpha architecture are in
progress and will be made available shortly.

Please continue to support the FreeBSD Project by purchasing media from
one of our supporting vendors. The following companies will be offering
FreeBSD 4.7 based products:

  FreeBSD Mall, Inc.    http://www.freebsdmall.com/
  Daemonnews, Inc.      http://www.bsdmall.com/freebsd1.html

If you can't afford FreeBSD on media, are impatient, or just want to use
it for evangelism purposes, then by all means download the ISO images.
We can't promise that all the mirror sites will carry the larger ISO
images, but they will at least be available from:

  ftp://ftp.FreeBSD.org/pub/FreeBSD/
  ftp://ftp12.FreeBSD.org/pub/FreeBSD/
  ftp://ftp.tw.FreeBSD.org/pub/FreeBSD/
  ftp://ftp{2,3,4,5}.jp.freebsd.org/pub/FreeBSD/
  ftp://ftp.cz.FreeBSD.org/pub/FreeBSD/
  ftp://ftp7.de.FreeBSD.org/pub/FreeBSD/
  ftp://ftp.lt.FreeBSD.org/pub/FreeBSD/
  ftp://ftp2.za.FreeBSD.org/pub/FreeBSD/
  ftp://ftp.se.FreeBSD.org/pub/FreeBSD/
  ftp://ftp{1,2,4}.ru.FreeBSD.org/pub/FreeBSD/

FreeBSD is also available via anonymous FTP from mirror sites in the
following countries: Argentina, Australia, Brazil, Bulgaria, Canada,
China, Czech Republic, Denmark, Estonia, Finland, France, Germany, Hong
Kong, Hungary, Iceland, Ireland, Japan, Korea, Lithuania, the
Netherlands, New Zealand, Poland, Portugal, Romania, Russia, Saudi
Arabia, South Africa, Slovak Republic, Slovenia, Spain, Sweden, Taiwan,
Thailand, Ukraine, and the United Kingdom.

Before trying the central FTP site, please check your regional mirror(s)
first by going to:

  ftp://ftp..FreeBSD.org/pub/FreeBSD

Any additional mirror sites will be labeled ftp2, ftp3 and so on.

More information about FreeBSD mirror sites can be found at:

  http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html

For instructions on installing FreeBSD, please see Chapter 2 of The
FreeBSD Handbook. It provides a complete installation walk-through for
users new to FreeBSD, and can be found online at:

  http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/install.html

Acknowledgments
---------------

Many companies donated equipment, network access, or man-hours to
finance the release engineering activities for FreeBSD 4.7 including The
FreeBSD Mall, Compaq, Yahoo!, Sentex Communications, and NTT/Verio.

In addition to myself, the release engineering team for 4.7-RELEASE
includes:

  Bruce A. Mah          Release Engineering, Documentation
  Robert Watson         Release Engineering, Security
  John Baldwin          Release Engineering
  Brian Somers          Release Engineering
  Kris Kennaway         Package Building
  Will Andrews          Package Building
  Steve Price           Package Building
  Jacques A. Vidrine    Security Officer

From owner-freebsd-announce Fri Oct 11 20:49:47 2002
Date: Fri, 11 Oct 2002 23:32:20 -0400 (EDT)
From: Chris Coleman
To: announce@freebsd.org
Subject: BSD Print Magazine

Daemon News is pleased to announce issue #7 of the print magazine.
The Daemon News print magazine is an excellent resource for BSD
sysadmins to read and use on the job, or just to have lying around the
office for others to pick up and take an interest in BSD. The print
magazine includes articles that have not appeared on the online ezine as
well as really cool artwork that you won't see anywhere else.

Table of Contents:

 * Securing BSD: An ssh Primer - Chris Coleman
 * Wrangling Processes with sysctl on NetBSD - Sean Davis
 * Java & Jakarta Tomcat on FreeBSD - Victoria Chan and Hiten Pandya
 * Friendlier Disk Quotas - Tom Rhodes
 * Managing Websites with OpenBSD - Peter Schmiedeskamp
 * Installing Webpages with Make - Nik Clayton

Featured Artwork:

 * Cover -- Daemon Crop Circle (Yes, our staff was abducted.)
 * Sysctl -- Cowboy Daemon Wrangling
 * Jakarta -- Tom Cat sipping Java w/BSD t-shirt
 * Securing BSD -- BSD Daemon protected by secret service Daemons.

http://www.bsdmall.com/magazines.html

BTW: Issue 2 and Issue 4 are in very limited supply, so if you are
interested in the back issues, you need to order today. I expect they
could be gone by the time this e-mail gets fully delivered, so it's
first come, first served. When they are out, there aren't any more.

Issue 2 - http://www.bsdmall.com/dnmagis2jan.html
Issue 4 - http://www.bsdmall.com/dnmagis4may.html

Chris Coleman
Editor in Chief
Daemon News E-Zine      http://www.daemonnews.org
Print Magazine          http://magazine.daemonnews.org
BSD Mall                http://www.bsdmall.com