From owner-freebsd-announce Sun Nov 19 19:51:57 2000
From: FreeBSD Security Advisories
Subject: New security policy for FreeBSD 3.x
Message-Id: <20001120035146.0020937B479@hub.freebsd.org>
Date: Sun, 19 Nov 2000 19:51:46 -0800 (PST)

The FreeBSD Security Officer would like to announce a change in policy regarding security support for the FreeBSD 3.x branch.

Due to the frequent difficulties encountered in fixing the old code contained in FreeBSD 3.x, we will no longer be requiring security problems to be fixed in that branch prior to the release of an advisory that also pertains to FreeBSD 4.x. In recent months this requirement has led to delays in the release of advisories, which negatively impacts users of the current FreeBSD release branch (FreeBSD 4.x).

Security fixes which are committed to FreeBSD 3.5.1-STABLE prior to the advisory release will be included in the advisory, but the advisory release will not be delayed awaiting a fix in the 3.x branch when a fix is already in place in FreeBSD 4.x. Serious vulnerabilities will result in a reissue of the advisory once the problem is corrected in 3.5.1-STABLE. For less serious vulnerabilities a notification will be sent to the freebsd-security@FreeBSD.org mailing list only, to reduce overall subscriber traffic on the freebsd-security-notifications and freebsd-announce mailing lists.

We will continue endeavouring to ensure that applicable security fixes are merged back to the 3.x branch by FreeBSD developers, and to work with them to develop or merge the appropriate fix prior to the advisory release; however, as the 3.x branch is approaching end of life we anticipate that there may be an increasing time lag between the time of fix of a vulnerability in 4.x and when it is backported to 3.x.

Given this reality, users are encouraged to consider plans to migrate security-critical systems to the 4.x branch over the coming months.

FreeBSD committers who are interested in providing security support for older branches of FreeBSD should contact the Security Officer and they will be kept informed of fixes which require merging to the older branches.

Comments on this policy are welcomed - please reply to security-officer@FreeBSD.org.

Regards,
Kris Kennaway
FreeBSD Security Officer

This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message

From owner-freebsd-announce Mon Nov 20 13:27:43 2000
From: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:71.mgetty
Message-Id: <20001120212727.BE24037B4CF@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:27:27 -0800 (PST)

=============================================================================
FreeBSD-SA-00:71                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          mgetty can create or overwrite files
Category:       ports
Module:         mgetty
Announced:      2000-11-20
Credits:        Stan Bubrouski
Affects:        Ports collection prior to the correction date.
Corrected:      2000-9-10
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

mgetty is a replacement for the getty utility designed for use with data and fax modems.

II.  Problem Description

The mgetty port, versions prior to 1.1.22.8.17, contains a vulnerability that may allow local users to create or overwrite any file on the system. This is due to the faxrunqd daemon (which usually runs as root) following symbolic links when creating a .last_run file in the world-writable /var/spool/fax/outgoing/ directory. This presents a denial of service attack since the attacker can cause critical system files to be overwritten, but it is not believed the attacker has the ability to control the contents of the overwritten file. Therefore the possibility of using this attack to elevate privileges is believed to be minimal.

The mgetty port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 4100 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain this problem since it was discovered after the releases, but it was corrected prior to the release of FreeBSD 4.2.
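The symlink-following defect described above, as an added example in C that is not code from the advisory or from mgetty: write_status_unsafe() opens the status file by path the way a daemon that follows symlinks does, and write_status_safe() creates it relative to the spool directory with O_NOFOLLOW and checks what it opened before writing. The spool directory, the protected file and the .last_run symlink are constructed in a temporary directory by run_scenario(); openat() and O_NOFOLLOW are assumed to be available (Linux and the BSDs).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Defective pattern (what the advisory describes for faxrunqd): fopen(.., "w")
 * resolves whatever sits at that name, so a symlink planted in the
 * world-writable spool directory redirects the write to its target. */
int write_status_unsafe(const char *dir, const char *name, const char *text)
{
    char path[PATH_MAX];
    FILE *fp;

    snprintf(path, sizeof path, "%s/%s", dir, name);
    if ((fp = fopen(path, "w")) == NULL)
        return -1;
    fputs(text, fp);
    return fclose(fp);
}

/* Hardened pattern: open the directory, create the entry relative to it with
 * O_NOFOLLOW (a symlink fails with ELOOP instead of being followed), and
 * truncate and write only once fstat() shows a regular file owned by us with
 * a single link, so a pre-planted foreign file or hard link is refused too.
 * Returns 0 on success, -1 on failure (errno from openat() is preserved). */
int write_status_safe(const char *dir, const char *name, const char *text)
{
    struct stat st;
    size_t len = strlen(text);
    int dfd, fd, saved;

    if ((dfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    fd = openat(dfd, name, O_WRONLY | O_CREAT | O_NOFOLLOW, 0644);
    saved = errno;
    close(dfd);
    if (fd < 0) {
        errno = saved;
        return -1;
    }
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    if (ftruncate(fd, 0) < 0 || write(fd, text, len) != (ssize_t)len) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Reads back a file under dir and compares it with the expected text. */
static int file_holds(const char *dir, const char *name, const char *text)
{
    char path[PATH_MAX], buf[64] = {0};
    size_t n;

    snprintf(path, sizeof path, "%s/%s", dir, name);
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return 0;
    n = fread(buf, 1, sizeof buf - 1, fp);
    fclose(fp);
    return n == strlen(text) && memcmp(buf, text, n) == 0;
}

/* Constructed scenario in a temporary spool directory: a file "protected"
 * holding "original" and, if plant_symlink, a symlink .last_run -> protected.
 * Runs the chosen writer on .last_run and returns a bit mask: bit 0 if
 * "protected" still reads "original", bit 1 if .last_run is now a regular
 * file holding the new text; -1 if the setup failed. */
int run_scenario(int use_safe, int plant_symlink)
{
    char dir[] = "/tmp/spoolXXXXXX", target[PATH_MAX], lnk[PATH_MAX];
    struct stat st;
    int result = 0;

    if (mkdtemp(dir) == NULL || write_status_unsafe(dir, "protected", "original") < 0)
        return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(lnk, sizeof lnk, "%s/.last_run", dir);
    if (plant_symlink && symlink("protected", lnk) < 0)
        return -1;
    if (use_safe)
        (void)write_status_safe(dir, ".last_run", "new");
    else
        (void)write_status_unsafe(dir, ".last_run", "new");
    if (file_holds(dir, "protected", "original"))
        result |= 1;
    if (lstat(lnk, &st) == 0 && S_ISREG(st.st_mode) && file_holds(dir, ".last_run", "new"))
        result |= 2;
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}
```

The ownership and link-count checks are defence in depth; the advisory's remedy is the updated port, and a spool directory that ordinary users cannot write to removes the exposure altogether.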
FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports.

III. Impact

Unprivileged local users may create or overwrite any file on the system.

If you have not chosen to install the mgetty port/package, then your system is not vulnerable to this problem.

IV.  Workaround

Deinstall the mgetty port/package, if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the mgetty port.

2) Deinstall the old package and install a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/comms/mgetty-1.1.22.8.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/comms/mgetty-1.1.22.8.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/comms/mgetty-1.1.22.8.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/comms/mgetty-1.1.22.8.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/comms/mgetty-1.1.22.8.17.tgz

3) Download a new port skeleton for the mgetty port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.

The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

From owner-freebsd-announce Mon Nov 20 13:29:12 2000
From: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:72.curl
Message-Id: <20001120212854.458E837B4CF@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:28:54 -0800 (PST)

=============================================================================
FreeBSD-SA-00:72                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          curl client-side vulnerability
Category:       ports
Module:         curl
Announced:      2000-11-20
Credits:        Wichert Akkerman
Affects:        Ports collection prior to the correction date.
Corrected:      2000-10-30
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

curl is a multi-protocol file retrieval tool.

II.  Problem Description

The curl port, versions prior to 7.4.1, allows a client-side exploit through a buffer overflow in the error handling code. A malicious ftp server operator can cause arbitrary code to be executed by the user running the curl client.

The curl port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 4100 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain this problem since it was discovered after the releases, but it was corrected prior to the release of FreeBSD 4.2.

FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports.

III. Impact

Malicious FTP server operators can execute arbitrary code on the local system when a file is downloaded from this server.

If you have not chosen to install the curl port/package, then your system is not vulnerable to this problem.

IV.  Workaround

Deinstall the curl port/package, if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the curl port.

2) Deinstall the old package and install a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/curl-7.4.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/curl-7.4.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/curl-7.4.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/curl-7.4.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/curl-7.4.1.tgz

3) Download a new port skeleton for the curl port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.

The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

From owner-freebsd-announce Mon Nov 20 13:30: 0 2000
From: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:73.thttpd
Message-Id: <20001120212917.C4AB237B682@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:29:17 -0800 (PST)

=============================================================================
FreeBSD-SA-00:73                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          thttpd allows remote reading of local files
Category:       ports
Module:         thttpd
Announced:      2000-11-20
Credits:        ghandi@MINDLESS.COM
Affects:        Ports collection prior to the correction date.
Corrected:      2000-10-30
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

thttpd is a simple, small, fast HTTP server.

II.  Problem Description

The thttpd port, versions prior to 2.20, allows remote viewing of arbitrary files on the local server. The 'ssi' cgi script does not correctly restrict URL-encoded requests containing ".." in the path. In addition, the cgi script does not have the same restrictions as the web server for preventing requests outside of the web root. These two flaws allow remote users to access any file on the system accessible to the web server user (user 'nobody' in the default configuration).

The thttpd port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 4100 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain this problem since it was discovered after the releases, but it was corrected prior to the release of FreeBSD 4.2.

FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports.

III. Impact

Remote users may access any file on the system accessible to the web server user (user 'nobody' in the default installation).

If you have not chosen to install the thttpd port/package, then your system is not vulnerable to this problem.

IV.  Workaround

Deinstall the thttpd port/package, if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the thttpd port.

2) Deinstall the old package and install a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/thttpd-2.20b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/thttpd-2.20b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/thttpd-2.20b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/thttpd-2.20b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/thttpd-2.20b.tgz

3) Download a new port skeleton for the thttpd port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.
The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

From owner-freebsd-announce Mon Nov 20 13:31: 0 2000
From: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:74.php
Message-Id: <20001120212949.0DFBE37B68D@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:29:49 -0800 (PST)

=============================================================================
FreeBSD-SA-00:75                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          mod_php3/mod_php4 allows remote code execution
Category:       ports
Module:         mod_php3/mod_php4
Announced:      2000-11-20
Credits:        Jouko Pynnönen
Affects:        Ports collection prior to the correction date.
Corrected:      2000-10-12 (mod_php4), 2000-10-18 (mod_php3)
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

php is a commonly used HTML-embedded scripting language.

II.  Problem Description

The mod_php ports, versions prior to 3.0.17 (mod_php3) and 4.0.3 (mod_php4), contain a potential vulnerability that may allow a malicious remote user to execute arbitrary code as the user running the web server, typically user 'nobody'. The vulnerability is due to a format string vulnerability in the error logging routines. A web server is vulnerable if error logging is enabled in php.ini. Additionally, individual php scripts may cause the web server to be vulnerable if the script uses the syslog() php function regardless of error logging in php.ini.

The mod_php ports are not installed by default, nor are they "part of FreeBSD" as such: they are part of the FreeBSD ports collection, which contains over 4100 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain this problem since it was discovered after the releases, but it was corrected prior to the release of FreeBSD 4.2.

FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports.

III. Impact

Malicious remote users can execute arbitrary code on the local system as the user running the webserver (typically user 'nobody'). This vulnerability requires error logging to be enabled in php.ini or by using the syslog() php function in a script.

If you have not chosen to install the mod_php3 or mod_php4 port/package, then your system is not vulnerable to this problem.

IV.  Workaround

Deinstall the mod_php3/mod_php4 port/package, if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the mod_php3/mod_php4 port.

2) Deinstall the old package and install a new package dated after the correction date, obtained from:

[php3]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-3.0.17.tgz

[php4]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-4.0.3pl1.tgz

3) Download a new port skeleton for the mod_php3/mod_php4 port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.

The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

From owner-freebsd-announce Mon Nov 20 13:37: 9 2000
From: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd [REVISED]
Message-Id: <20001120213645.7285337B4C5@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:36:45 -0800 (PST)

=============================================================================
FreeBSD-SA-00:69                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          telnetd allows remote system resource consumption [REVISED]
Category:       core
Module:         telnetd
Announced:      2000-11-14
Revised:        2000-11-20
Credits:        Jouko Pynnonen
Affects:        FreeBSD 3.x (all releases), FreeBSD 4.x (all releases prior to 4.2), FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the correction date.
Corrected:      2000-11-19 (FreeBSD 4.1.1-STABLE)
                2000-11-19 (FreeBSD 3.5.1-STABLE)
FreeBSD only:   NO

0.   Revision History

v1.0  2000-11-14  Initial release
v1.1  2000-11-20  Corrected patch, pointed out by Christos Zoulas

I.   Background

telnetd is the server for the telnet remote login protocol.

II.  Problem Description

The telnet protocol allows for UNIX environment variables to be passed from the client to the user login session on the server. However, some of these environment variables have special meaning to the telnetd child process itself and may be used to affect its operation. Of particular relevance is the ability for remote users to cause an arbitrary file on the system to be searched for termcap data by passing the TERMCAP environment variable.

Although any file on the local system can be read since the telnetd server runs as root, the contents of the file will not be reported in any way to the remote user unless it contains a valid termcap entry, in which case the corresponding termcap sequences will be used to format the output sent to the client. It is believed there is no risk of data disclosure through this vulnerability.

However, an attacker who forces the server to search through a large file or to read from a device can cause resources to be spent by the server, including CPU cycles and disk read bandwidth, which can increase the server load and may prevent it from servicing legitimate user requests. Since the vulnerability occurs before the login(1) utility is spawned, it does not require authentication to a valid account on the server in order to exploit.

All released versions of FreeBSD prior to the correction date including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem, but it was fixed in the 4.1.1-STABLE branch prior to the release of FreeBSD 4.2-RELEASE.

III. Impact

Remote users without a valid login account on the server can cause resources such as CPU and disk read bandwidth to be consumed, causing increased server load and possibly denying service to legitimate users.

IV.  Workaround

1) Disable the telnet service, which is usually run out of inetd: comment out the following lines in /etc/inetd.conf, if present.

telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd

2) Impose access restrictions using TCP wrappers (/etc/hosts.allow), or a network-level packet filter such as ipfw(8) or ipf(8) on the perimeter firewall or the local machine, to limit access to the telnet service to trusted machines.

V.   Solution

One of the following:

1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or 3.5.1-STABLE after the respective correction dates. Note that the original patch was incorrect and caused telnetd to behave incorrectly in certain situations.

2) Apply the patch below and recompile the relevant files:

Either save this advisory to a file, or download the patch and detached PGP signature from the following locations, and verify the signature using your PGP utility.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:69/telnetd.patch.v1.1 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:69/telnetd.patch.v1.1.asc Execute the following commands as root: # cd /usr/src/libexec/telnetd # patch -p < /path/to/patch_or_advisory # make depend && make all install Updated patch for vulnerable systems: Index: ext.h =================================================================== RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- ext.h 1999/08/28 00:10:22 1.7 +++ ext.h 2000/11/19 10:01:27 1.8 @@ -87,7 +87,7 @@ #endif extern int pty, net; -extern char *line; +extern char line[16]; extern int SYNCHing; /* we are in TELNET SYNCH mode */ #ifndef P Index: sys_term.c =================================================================== RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v retrieving revision 1.24 retrieving revision 1.26 diff -u -r1.24 -r1.26 --- sys_term.c 1999/08/28 00:10:24 1.24 +++ sys_term.c 2000/11/19 10:01:27 1.26 @@ -480,14 +480,10 @@ * * Returns the file descriptor of the opened pty. */ -#ifndef __GNUC__ -char *line = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; -#else -static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; -char *line = Xline; -#endif #ifdef CRAY -char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; +char myline[16]; +#else +char line[16]; #endif /* CRAY */ int 
@@ -1799,6 +1795,13 @@ strncmp(*cpp, "_RLD_", 5) && strncmp(*cpp, "LIBPATH=", 8) && #endif + strncmp(*cpp, "LOCALDOMAIN=", 12) && + strncmp(*cpp, "RES_OPTIONS=", 12) && + strncmp(*cpp, "TERMINFO=", 9) && + strncmp(*cpp, "TERMINFO_DIRS=", 14) && + strncmp(*cpp, "TERMPATH=", 9) && + strncmp(*cpp, "TERMCAP=/", 9) && + strncmp(*cpp, "ENV=", 4) && strncmp(*cpp, "IFS=", 4)) *cpp2++ = *cpp; } Index: telnetd.c =================================================================== RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v retrieving revision 1.22 retrieving revision 1.24 diff -u -r1.22 -r1.24 --- telnetd.c 2000/01/25 14:52:00 1.22 +++ telnetd.c 2000/11/19 10:01:27 1.24 @@ -805,13 +805,12 @@ #else for (;;) { char *lp; - extern char *line, *getpty(); if ((lp = getpty()) == NULL) fatal(net, "Out of ptys"); if ((pty = open(lp, 2)) >= 0) { - strcpy(line,lp); + strlcpy(line,lp,sizeof(line)); line[5] = 't'; break; } @@ -1115,7 +1114,7 @@ IM = Getstr("im", &cp); IF = Getstr("if", &cp); if (HN && *HN) - (void) strcpy(host_name, HN); + (void) strlcpy(host_name, HN, sizeof(host_name)); if (IF && (if_fd = open(IF, O_RDONLY, 000)) != -1) IM = 0; if (IM == 0) Index: utility.c =================================================================== RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- utility.c 1999/08/28 00:10:25 1.13 +++ utility.c 2000/10/31 05:29:54 1.14 @@ -330,7 +330,7 @@ { char buf[BUFSIZ]; - (void) sprintf(buf, "telnetd: %s.\r\n", msg); + (void) snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg); (void) write(f, buf, (int)strlen(buf)); sleep(1); /*XXX*/ exit(1); 
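Review bot: in the sys_term.c hunk at @@ -480,14 +480,10 @@ the definition of `line` moves under the `#else` of `#ifdef CRAY`, so a CRAY build gets only `char myline[16];`, whereas the removed lines defined `line` on every platform and `myline` in addition on CRAY; with ext.h now declaring `extern char line[16];` and telnetd.c still writing into `line` in the @@ -805 hunk, a CRAY build would be left with no definition of `line`. Suggest keeping `char line[16];` unconditional and placing only `myline` under `#ifdef CRAY`. The literal 16 is also repeated between the ext.h declaration and this definition; one named constant in ext.h would keep the two from drifting apart.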
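Review bot: the new strncmp() lengths in the @@ -1799,6 +1795,13 @@ hunk are hand-counted (12 for "LOCALDOMAIN=" and "RES_OPTIONS=", 9 for "TERMINFO=", "TERMPATH=" and "TERMCAP=/", 14 for "TERMINFO_DIRS=", 4 for "ENV="); they all check out, but the style invites an off-by-one on the next addition, and a `sizeof("NAME=") - 1` macro or a table of prefixes would make the list self-checking. The "TERMCAP=/" entry also needs a comment: the trailing slash means only values naming a file to search are dropped while inline termcap entries are still passed through, which is exactly the distinction the problem description relies on and which a reader cannot tell from the bare string.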
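Review bot: in the telnetd.c hunk at @@ -805,13 +805,12 @@, `strlcpy(line,lp,sizeof(line))` bounds the copy, but the `line[5] = 't';` that follows still assumes the pty name returned by getpty() is at least six characters long and was not truncated; on truncation `line` silently names the wrong device. Suggest comparing the strlcpy() return value against sizeof(line) and calling fatal() on truncation, as the hunk already does for "Out of ptys". The removed `extern char *line, *getpty();` line also carried the only visible declaration of getpty(); confirm that ext.h (whose hunk shows only `line`) or another header included by telnetd.c provides a prototype, otherwise the call now relies on an implicit declaration.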
@@ -343,7 +343,7 @@ { char buf[BUFSIZ], *strerror(); - (void) sprintf(buf, "%s: %s", msg, strerror(errno)); + (void) snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno)); fatal(f, buf); }

From owner-freebsd-announce Mon Nov 20 13:39:44 2000
From: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:68.ncurses [REVISED]
Message-Id: <20001120213916.D628E37B4D7@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:39:16 -0800 (PST)

=============================================================================
FreeBSD-SA-00:68                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          ncurses allows local privilege escalation [REVISED]
Category:       core, ports
Module:         ncurses
Announced:      2000-11-13
Revised:        2000-11-20
Affects:        FreeBSD 5.0-CURRENT, 4.x prior to the correction date.
                FreeBSD 3.x not yet fixed.
Corrected:      2000-10-11 (FreeBSD 4.1.1-STABLE)
                2000-11-10 (ncurses port)
Credits:        Jouko Pynnonen
FreeBSD only:   NO

0.   Revision History

v1.0  2000-11-13  Initial release
v1.1  2000-11-20  Corrected status of 3.x, referenced ncurses port

I.   Background

ncurses is a text-mode display library used for formatting the output of applications on a variety of terminals. It is externally maintained, contributed code which is included in FreeBSD by default.

II.  Problem Description

There exists an overflowable buffer in the libncurses library in the processing of cursor movement capabilities. An attacker can force a privileged application to use the attacker's termcap file containing a specially crafted terminal entry, which will trigger the vulnerability when the vulnerable ncurses code is called. This allows them to execute arbitrary code on the local system with the privileges of the exploited binary.

The systat utility included in the FreeBSD base system is known to use vulnerable ncurses routines. It runs with increased privileges as a member of the kmem group, which allows it to read from kernel memory (but not write to it).
A process with the ability to read from kernel memory can monitor privileged data such as network traffic, disk buffers and terminal activity, and may be able to leverage this to obtain further privileges on the local system or on other systems, including root privileges.

There may be other vulnerable applications included in the FreeBSD base system, but no others are confirmed to be vulnerable due to the difficulty in identifying a complete list of vulnerable ncurses functions. However, the following is a complete list of FreeBSD system binaries which link against ncurses and run with increased privileges. They may or may not be vulnerable to exploitation.

/usr/sbin/lpc
/usr/bin/top
/usr/bin/systat

FreeBSD 3.x and earlier versions use a very old, customized version of ncurses which is difficult to update without breaking backwards-compatibility. The update was made for FreeBSD 4.0, but 3.x will not be updated to the newer version. At this stage the vulnerability has not been fixed in FreeBSD 3.x.

The ncurses port (versions prior to 5.2) also contains this vulnerability. It was corrected prior to the release of FreeBSD 4.2.

III. Impact

Certain setuid/setgid software (including FreeBSD base system utilities and third party ports/packages) may be vulnerable to a local exploit yielding privileged access. The /usr/bin/systat utility is known to be vulnerable to this problem in ncurses. At this time it is unknown whether /usr/bin/top and /usr/sbin/lpc are also affected.

The problems were corrected prior to the release of FreeBSD 4.2.

IV.  Workaround

It is not feasible to reliably detect binaries which are vulnerable to the ncurses vulnerability, however the provided utility will scan for privileged binaries which use ncurses and which may potentially be vulnerable. Some of the binaries reported may not in fact be vulnerable, but should be recompiled anyway for maximum assurance of security.
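The environment rule that both the telnetd advisory above and this one turn on, as an added example in C that is not code from either advisory or from FreeBSD: a table-driven filter for the variable prefixes the telnetd patch rejects, with lengths derived by sizeof instead of counted by hand, and a scrub routine a set-user-id or set-group-id program can call before its first ncurses call so that the library never reads a user-supplied termcap. The sample telnet environment in demo_filter() and the values planted by demo_scrub() are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Variables a privileged process must not accept from an untrusted peer:
 * the prefixes the telnetd patch rejects, with lengths derived by sizeof
 * so an entry cannot be added with a miscounted length. "TERMCAP=/" (with
 * the slash) rejects only values naming a file to search; an inline
 * termcap entry still passes, as in the patch. */
#define P(s) { s, sizeof(s) - 1 }
static const struct { const char *prefix; size_t len; } denied[] = {
    P("_RLD_"),     P("LIBPATH="),       P("LOCALDOMAIN="), P("RES_OPTIONS="),
    P("TERMINFO="), P("TERMINFO_DIRS="), P("TERMPATH="),    P("TERMCAP=/"),
    P("ENV="),      P("IFS="),
};
#undef P

/* True if the "NAME=value" entry may be passed on to the login session. */
bool env_entry_allowed(const char *entry)
{
    for (size_t i = 0; i < sizeof denied / sizeof denied[0]; i++)
        if (strncmp(entry, denied[i].prefix, denied[i].len) == 0)
            return false;
    return true;
}

/* Compacts a NULL-terminated envp array in place, keeping only allowed
 * entries (the shape of the loop in telnetd's sys_term.c). Returns the
 * number of entries kept. */
size_t filter_env(char **envp)
{
    char **out = envp;

    for (char **in = envp; *in != NULL; in++)
        if (env_entry_allowed(*in))
            *out++ = *in;
    *out = NULL;
    return (size_t)(out - envp);
}

/* For a set-user-id or set-group-id program (the systat case) the safe rule
 * is to drop every terminal-database variable from its own environment
 * before the first ncurses call, so the library only reads the system files;
 * inline TERMCAP entries are the crafted input here, so they go too. Call it
 * when getuid() != geteuid() or getgid() != getegid() (issetugid(2) on
 * FreeBSD). Returns the number of variables removed. */
int scrub_terminal_env(void)
{
    static const char *const names[] = { "TERMCAP", "TERMINFO", "TERMINFO_DIRS", "TERMPATH" };
    int removed = 0;

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (getenv(names[i]) != NULL && unsetenv(names[i]) == 0)
            removed++;
    return removed;
}

/* Constructed demonstration of the filter: an incoming telnet environment of
 * seven entries. Returns the number kept (4: TERM, the inline TERMCAP entry,
 * HOME and LANG) or -1 if the result is not exactly that. */
int demo_filter(void)
{
    static char term[] = "TERM=vt100";
    static char tc_file[] = "TERMCAP=/some/large/file";
    static char tc_inline[] = "TERMCAP=vt100|dec vt100:co#80:li#24:";
    static char home[] = "HOME=/home/user";
    static char tdirs[] = "TERMINFO_DIRS=/some/dir";
    static char envvar[] = "ENV=/some/script";
    static char lang[] = "LANG=C";
    char *envp[] = { term, tc_file, tc_inline, home, tdirs, envvar, lang, NULL };
    size_t kept = filter_env(envp);

    if (kept != 4 || envp[0] != term || envp[1] != tc_inline ||
        envp[2] != home || envp[3] != lang || envp[4] != NULL)
        return -1;
    return (int)kept;
}

/* Constructed demonstration of the scrub: clears the four names, plants two
 * of them, and checks both are gone afterwards. Returns the number removed. */
int demo_scrub(void)
{
    (void)scrub_terminal_env();
    if (setenv("TERMCAP", "/some/large/file", 1) != 0 ||
        setenv("TERMINFO", "/some/dir", 1) != 0)
        return -1;
    int removed = scrub_terminal_env();
    return getenv("TERMCAP") == NULL && getenv("TERMINFO") == NULL ? removed : -1;
}
```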
Statically linked binaries which are identified as potentially vulnerable should be recompiled from source code if possible, after patching and recompiling libc, in order to correct the vulnerability. Dynamically linked binaries will be corrected by simply patching and recompiling libc as described below.

As an interim measure, consider removing any identified setuid or setgid binary, removing set[ug]id privileges from the file, or limiting the file access permissions, as appropriate. Of course, it is possible that some of the identified files may be required for the correct operation of your local system, in which case there is no clear workaround except for limiting the set of users who may run the binaries, by an appropriate use of user groups and removing the "o+x" file permission bit.

1) Download the 'scan_ncurses.sh' and 'test_ncurses.sh' scripts from

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/scan_ncurses.sh
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/test_ncurses.sh

e.g. with the fetch(1) command:

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/scan_ncurses.sh
Receiving scan_ncurses.sh (381 bytes): 100%
381 bytes transferred in 0.1 seconds (7.03 kBps)
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/test_ncurses.sh
Receiving test_ncurses.sh (604 bytes): 100%
604 bytes transferred in 0.1 seconds (6.55 kBps)

2) Verify the md5 checksums and compare to the values below:

# md5 scan_ncurses.sh
MD5 (scan_ncurses.sh) = 597f63af701253f053581aa1821cbac1
# md5 test_ncurses.sh
MD5 (test_ncurses.sh) = 12491ceb15415df7682e3797de53223e

3) Run the scan_ncurses.sh script against your system:

# chmod a+x ./test_ncurses.sh
# sh scan_ncurses.sh ./test_ncurses.sh /

This will scan your entire system for setuid or setgid binaries which make use of the ncurses library. Each returned binary should be examined (e.g. with 'ls -l' and/or other tools) to determine what security risk it poses to your local environment, e.g.
whether it can be run by arbitrary local users who may be able to exploit it to gain privileges.

4) Remove the binaries, or reduce their file permissions, as appropriate.

V.   Solution

Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE after the correction date, or patch your present system source code and rebuild. Then run the scan_ncurses.sh script as instructed in section IV and identify any statically-linked binaries as reported by the script. These should either be removed, recompiled, or have privileges restricted to secure them against this vulnerability (since statically-linked binaries will not be affected by simply recompiling the shared libc library).

To patch your present system: download the updated ncurses code from the below location, and execute the following commands as root:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz.asc

Verify the detached PGP signature using your PGP utility.

cd /usr/src
tar xvfz /path/to/ncurses.tar.gz
cd /usr/src/lib/libncurses
make all
make install

In contrast to the usual practice, a simple patch fixing the security vulnerability is not provided because the vendor did not make one available, and the updated ncurses snapshot which fixed it contains numerous other changes whose purpose and relation to the fix was unclear.

[ncurses port]

If you have installed a vulnerable version of the ncurses port, one of the following steps may be used to upgrade it:

1) Upgrade your entire ports collection and rebuild the ncurses port.
2) Deinstall the old package and install a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/ncurses-5.2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/ncurses-5.2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/ncurses-5.2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/ncurses-5.2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/ncurses-5.2.tgz

3) Download a new port skeleton for the ncurses port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities, important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message

From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:76.tcsh-csh
Reply-To: security-advisories@freebsd.org
Message-Id: <20001120220111.D4FC437B65F@hub.freebsd.org>
Date: Mon, 20 Nov 2000 14:01:11 -0800 (PST)

=============================================================================
FreeBSD-SA-00:76                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          tcsh/csh creates insecure temporary file

Category:       core, ports
Module:         tcsh, 44bsd-csh
Announced:      2000-11-20
Affects:        FreeBSD 4.x, 3.x prior to the correction date.
Corrected:      2000-11-04 (FreeBSD 4.1.1-STABLE)
                2000-11-05 (FreeBSD 3.5.1-STABLE)
                2000-11-09 (44bsd-csh port)
                2000-11-19 (tcsh port)
Credits:        proton
FreeBSD only:   NO

I.   Background

tcsh is an updated version of the traditional BSD C Shell (csh). Versions of csh and tcsh are included in the FreeBSD ports collection (tcsh, 44bsd-csh) and the FreeBSD base system (csh, tcsh).

II.  Problem Description

The csh and tcsh code creates temporary files when the '<<' operator is used; however, these are created insecurely and use a predictable filename based on the process ID of the shell. An attacker can exploit this vulnerability to overwrite an arbitrary file writable by the user running the shell. The contents of the file are overwritten with the text being entered using the '<<' operator, so it will usually not be under the control of the attacker. Therefore the likely impact of this vulnerability is a denial of service, since the attacker can cause critical files writable by the user to be overwritten. It is unlikely, although possible depending on the circumstances in which the '<<' operator is used, that the attacker could exploit the vulnerability to gain privileges (this typically requires that they have control over the contents the target file is overwritten with).
All versions of FreeBSD prior to the correction date are vulnerable to this problem: the /bin/csh shell included in the base system (which is the same as /bin/tcsh in recent versions) as well as the tcsh (versions prior to 6.09.03_1) and 44bsd-csh ports (versions prior to 44bsd-csh-20001106) in the ports collection.

The problems with the base system shells and the 44bsd-csh port were resolved prior to the release of FreeBSD 4.2. The tcsh port was not fixed prior to the release, but the port is disabled in FreeBSD 4.2 since the same software exists in the base system.

III. Impact

Unprivileged local users can cause an arbitrary file writable by a victim to be overwritten when the victim invokes the '<<' operator in csh or tcsh (e.g. from within a shell script).

If you have not installed the tcsh or 44bsd-csh ports on your 4.1.1-STABLE system dated after the correction date, your system is not vulnerable to this problem.

IV.  Workaround

None practical.

V.   Solution

Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE after the correction date, or patch your present system source code and rebuild.

To patch your present system: download the relevant patch from the below location, and execute the following commands as root:

[FreeBSD 4.x base system]

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/tcsh.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/tcsh.patch.asc

Verify the detached PGP signature using your PGP utility.

cd /usr/src/contrib/tcsh
patch -p < /path/to/patch
cd /usr/src/bin/csh
make depend && make all install

[FreeBSD 3.x base system]

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/csh.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/csh.patch.asc

Verify the detached PGP signature using your PGP utility.
cd /usr/src/bin/csh
patch -p < /path/to/patch
make depend && make all install

[Ports collection]

One of the following:

1) Upgrade your entire ports collection and rebuild the tcsh/44bsd-csh port.

2) Deinstall the old package and install a new package dated after the correction date, obtained from:

[tcsh]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/tcsh-6.09.03_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/tcsh-6.09.03_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/tcsh-6.09.03_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/tcsh-6.09.03_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/tcsh-6.09.03_1.tgz

[44bsd-csh]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/44bsd-csh-20001106.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/44bsd-csh-20001106.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/44bsd-csh-20001106.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/44bsd-csh-20001106.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/44bsd-csh-20001106.tgz

3) Download a new port skeleton for the tcsh/44bsd-csh port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.
The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

To: announce@freebsd.org
Subject: FreeBSD 4.2-RELEASE is now available
Date: Tue, 21 Nov 2000 04:31:48 -0800
Message-ID: <71910.974809908@winston.osd.bsdi.com>
From: Jordan Hubbard

It is my almost excessive pleasure to announce the availability of FreeBSD 4.2-RELEASE, the very latest in 4.x-STABLE branch technology. Following the release of FreeBSD 4.1.1 in September, 2000, many bugs were fixed, important security issues dealt with, and a conservative number of new features added. Please see the release notes for more information.

4.2-RELEASE is now available for i386 and alpha in "FTP installable" form (ftp://ftp.freebsd.org/pub/FreeBSD/releases/${arch}/4.2-RELEASE) and can be installed directly over the net using the boot floppies or copied to a local NFS/ftp server.

ISO (CD) Images
---------------

We can't promise that all the mirror sites will carry the larger ISO image distributions, but they are at least available from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/${arch}/ISO-IMAGES/4.2-install.iso

Where ${arch} is currently "i386" or "alpha". The i386 image is available at the time of this writing; the alpha ISO will follow in a day or so, just as soon as all the packages are ready.

If you can't afford the CDs, are impatient, or just want to use it for evangelism purposes, then by all means download the ISOs, otherwise please do continue to support the FreeBSD project by purchasing one of its official CD releases from BSDi.

FreeBSD 4.2-RELEASE can be ordered as a 4 CD set from The FreeBSD Mall, from where it will soon be shipping. Each CD set contains the FreeBSD installation and application package bits for either the x86 or the alpha architecture (each architecture has its own CD set). For a set of distfiles used to build ports in the ports collection, please see also the FreeBSD Toolkit, a 6 CD set containing all such extra bits which we can no longer fit on the 4 CD sets.
Please see http://www.freebsdmall.com or you can order by phone, postal mail, FAX or email at:

BSDi
4041 Pike Lane, #F
Concord CA, 94520 USA
Phone: +1 925 674-0783
Fax: +1 925 674-0821
Tech Support: +1 925 603-1234
Email: orders@wccdrom.com
WWW: http://www.wccdrom.com/

FreeBSD is also available via anonymous FTP from mirror sites in the following countries: Argentina, Australia, Brazil, Bulgaria, Canada, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Hong Kong, Hungary, Iceland, Ireland, Israel, Japan, Korea, Latvia, Malaysia, the Netherlands, Poland, Portugal, Rumania, Russia, Slovenia, South Africa, Spain, Sweden, Taiwan, Thailand, Elbonia, the Ukraine and the United Kingdom (and quite possibly several others which I've never even heard of :).

Before trying the central FTP site, please check your regional mirror(s) first by going to:

ftp://ftp.<yourdomain>.freebsd.org/pub/FreeBSD

Any additional mirror sites will be labeled ftp2, ftp3 and so on.

Thanks!

- Jordan

To: announce@freebsd.org
Subject: 4.2-RELEASE ISO image for x86 updated.
Date: Wed, 22 Nov 2000 10:14:26 -0800
Message-ID: <79119.974916866@winston.osd.bsdi.com>
From: Jordan Hubbard

Due to a last-minute problem (a build error, not a bug with KDE or FreeBSD itself) which was discovered with the KDE packages on the Intel architecture ISO image for 4.2-RELEASE, I've updated the image at:

ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/4.2-install.iso

I also took the opportunity to include the windowmaker package, which was mistakenly left off (and referenced by one of FreeBSD's canned Desktop profiles).

The new MD5 checksum for this image is:

MD5 (4.2-install.iso) = 7eec8a2e4bc2211fccf18b5a6fd5b55e

If you do not have any interest in installing the KDE desktop or windowmaker and you have already grabbed the previous installation ISO then you can safely ignore this announcement; nothing else was changed.

Apologies to everyone who downloaded the first ISO image and had an unsatisfactory KDE experience. Excrement occurs.

- Jordan