From owner-freebsd-security@FreeBSD.ORG Thu Aug 19 19:08:07 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by hub.freebsd.org (Postfix) with ESMTP id D8B7E10656AB for ; Thu, 19 Aug 2010 19:08:07 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from xps.daemonology.net (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx2.freebsd.org (Postfix) with SMTP id 7657314F027 for ; Thu, 19 Aug 2010 19:08:07 +0000 (UTC) Received: (qmail 10193 invoked from network); 19 Aug 2010 19:08:07 -0000 Received: from unknown (HELO xps.daemonology.net) (127.0.0.1) by localhost with SMTP; 19 Aug 2010 19:08:07 -0000 Message-ID: <4C6D8117.7020200@freebsd.org> Date: Thu, 19 Aug 2010 12:08:07 -0700 From: FreeBSD Security Officer Organization: FreeBSD Project User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.11) Gecko/20100803 Thunderbird/3.0.6 MIME-Version: 1.0 To: freebsd security X-Enigmail-Version: 1.0.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: FreeBSD-SA-10:07.mbuf exploit in the wild X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: security-officer@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Aug 2010 19:08:07 -0000 Hi all, If you haven't updated your affected systems for FreeBSD-SA-10:07.mbuf yet, there's another reason to do it now: Exploit code was posted earlier today to the full-disclosure list. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid From owner-freebsd-security@FreeBSD.ORG Thu Aug 19 20:15:49 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D4BE210656A8 for ; Thu, 19 Aug 2010 20:15:49 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from asmtpout024.mac.com (asmtpout024.mac.com [17.148.16.99]) by mx1.freebsd.org (Postfix) with ESMTP id BDBE08FC08 for ; Thu, 19 Aug 2010 20:15:49 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; charset=us-ascii Received: from cswiger1.apple.com ([17.209.4.71]) by asmtp024.mac.com (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 32bit)) with ESMTPSA id <0L7E00JMWYTF4N90@asmtp024.mac.com> for freebsd-security@freebsd.org; Thu, 19 Aug 2010 12:15:15 -0700 (PDT) X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=6.0.2-1004200000 definitions=main-1008190151 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.0.10011,1.0.148,0.0.0000 definitions=2010-08-19_09:2010-08-19, 2010-08-19, 1970-01-01 signatures=0 From: Chuck Swiger In-reply-to: <4C6D8117.7020200@freebsd.org> Date: Thu, 19 Aug 2010 12:15:14 -0700 Message-id: <1273D003-C9CA-47EE-8E50-E5D626869E26@mac.com> References: <4C6D8117.7020200@freebsd.org> To: freebsd security X-Mailer: Apple Mail (2.1081) Subject: Re: FreeBSD-SA-10:07.mbuf exploit in the wild X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Aug 2010 20:15:49 -0000 Hi-- On Aug 19, 2010, at 12:08 PM, FreeBSD Security Officer wrote: > If you haven't updated your affected systems for FreeBSD-SA-10:07.mbuf yet, > there's another reason to do it now: Exploit code was posted earlier today > to the full-disclosure list. Is it confirmed that this advisory does *not* apply to RELENG_6_4...? Regards, -- -Chuck From owner-freebsd-security@FreeBSD.ORG Fri Aug 20 02:30:07 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5F87D10656A5 for ; Fri, 20 Aug 2010 02:30:07 +0000 (UTC) (envelope-from cfp@ruxcon.org.au) Received: from ruxcon.org.au (ruxcon.org.au [173.230.155.250]) by mx1.freebsd.org (Postfix) with ESMTP id 4F6418FC0C for ; Fri, 20 Aug 2010 02:30:07 +0000 (UTC) Received: by ruxcon.org.au (Postfix, from userid 5001) id 21AC489C6; Fri, 20 Aug 2010 12:13:32 +1000 (EST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on ruxcon.org.au X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.3.1 Received: from ruxcon.org.au (localhost [127.0.0.1]) by ruxcon.org.au (Postfix) with ESMTP id B32B589DC for ; Fri, 20 Aug 2010 12:13:21 +1000 (EST) From: cfp@ruxcon.org.au To: freebsd-security@freebsd.org Message-Id: <20100820021321.B32B589DC@ruxcon.org.au> Date: Fri, 20 Aug 2010 12:13:21 +1000 (EST) Subject: Ruxcon 2010 Final Call For Papers X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Aug 2010 02:30:07 -0000 RUXCON 2010 FINAL CALL FOR PAPERS Ruxcon would like to announce the final call for papers for the sixth annual Ruxcon conference. This year the conference will take place over the weekend of 20th and 21st of November. Ruxcon will be held at CQ, Melbourne, Australia. The deadline for submissions is the 10th of October. What is Ruxcon? Ruxcon is the premiere technical computer security conference within Australia. Ruxcon aspires to bring together the individual talents of the best and the brightest security folk within the Aus-Pacific region, through live presentations, activities, and demonstrations. Ruxcon's unique approach to running a security conference ensures that the conference is accessible to all levels of the security industry. Ruxcon aims to be the most interesting, thought provoking, and relevant information security conference in Australia. The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security. Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community. For more information, please visit http://www.ruxcon.org.au Presentation Information Presentations will be 50 minutes in length, and should be fully supplemented with slides and any other relevant material. Presentation Submissions Ruxcon would like to invite people who are interested to submit a presentation. Topics of interest include, but are not limited to:    * Mobile Device Security    * Virtualisation, Hypervisor and Cloud Security    * Malware Analysis    * Reverse Engineering    * Exploitation Techniques    * Rootkit Development    * Code Analysis    * Forensics and Anti-Forensics    * Embedded Device Security    * Web Application Security    * Network Traffic Analysis    * Wireless Network Security    * Cryptography and Cryptanalysis    * Social Engineering    * Law Enforcement Activities    * Telecommunications Security (SS7, 3G/4G, GSM, VOIP, etc) Submissions should thoroughly outline your desired presentation subject. Accompanying your submission should be the slides you intend to use or a detailed paper explaining your subject. If you have any enquiries about submissions, or would like to make a submission, please send an e-mail to presentations@ruxcon.org.au. The deadline for submissions is the 10th of October. If approved we will additionally require:   1. A brief personal biography (between 2-5 paragraphs in length).   2. A description on your presentation (between 2-5 paragraphs in length). Contact Details Presentation Submissions: presentations@ruxcon.org.au General Enquiries: ruxcon@ruxcon.org.au