Date: Fri, 23 Dec 2011 17:45:42 +0100 From: "Bas Smeelen" <b.smeelen@ose.nl> To: freebsd-questions@freebsd.org Subject: Fw: Merry Christmas from the FreeBSD Security Team Message-ID: <20111223164542.b74a8519@mail.ose.nl>
next in thread | raw e-mail | index | archive | help
=5F=5F=5F=5F=5F =20 From: FreeBSD Security Officer [mailto:cperciva@freebsd.org] To: freebsd-security@freebsd.org Sent: Fri, 23 Dec 2011 16:41:20 +0100 Subject: Merry Christmas from the FreeBSD Security Team -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, No, the Grinch didn't steal the FreeBSD security officer GPG key, and yo= ur eyes aren't deceiving you: We really did just send out 5 security advisories. The timing, to put it bluntly, sucks. We normally aim to release adviso= ries on Wednesdays in order to maximize the number of system administrators who = will be at work already; and we try very hard to avoid issuing advisories any ti= me close to holidays for the same reason. The start of the Christmas weekend -- = in some parts of the world it's already Saturday -- is absolutely not when we wa= nt to be releasing security advisories. Unfortunately my hand was forced: One of the issues (FreeBSD-SA-11:08.te= lnetd) is a remote root vulnerability which is being actively exploited in the = wild; bugs really don't come any worse than this. On the positive side, most = people have moved past telnet and on to SSH by now; but this is still not an is= sue we could postpone until a more convenient time. While I'm writing, a note to freebsd-update users: FreeBSD-SA-11:07.chro= ot has a rather messy fix involving adding a new interface to libc; this has the = awkward side effect of causing the sizes of some "symbols" (aka. functions) in l= ibc to change, resulting in cascading changes into many binaries. The long lis= t of updated files is irritating, but isn't a sign that anything in freebsd-u= pdate went wrong. - --=20 Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly p= aranoid -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk70oR8ACgkQFdaIBMps37IHEwCeNT8dws04qyJ8yuOz7g2xd9Xs IsoAn0QfaSE6i90zFBuk1k0isvrDMYO3 =3Dp94J -----END PGP SIGNATURE----- merry Christmas Disclaimer=3A http=3A//www=2Eose=2Enl/email
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111223164542.b74a8519>