Date: Mon, 7 Apr 2003 06:41:31 -0700 (PDT)
Message-Id: <200304071341.h37DfVP2004867@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: security-advisories@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Security Notice FreeBSD-SN-03:01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SN-03:01                                            Security Notice
                                                        The FreeBSD Project

Topic:          security issue in samba ports

Announced:      2003-04-07

I.   Introduction

Several ports in the FreeBSD Ports Collection are affected by security
issues.  These are listed below with references and affected versions.

All versions given refer to the FreeBSD port/package version numbers.
The listed vulnerabilities are not specific to FreeBSD unless otherwise
noted.

These ports are not installed by default, nor are they ``part of FreeBSD''
as such.  The FreeBSD Ports Collection contains thousands of third-party
applications in a ready-to-install format.  FreeBSD makes no claim about
the security of these third-party applications.  See for more information
about the FreeBSD Ports Collection.

II.  Ports

+------------------------------------------------------------------------+
Port name:      net/samba
Affected:       versions < samba-2.2.8_2, samba-2.2.8a
Status:         Fixed

Two vulnerabilities were reported recently:

(1) Sebastian Krahmer of the SuSE Security Team identified vulnerabilities
    that could lead to arbitrary code execution as root, as well as a race
    condition that could allow overwriting of system files.  (This
    vulnerability was previously fixed in Samba 2.2.8.)

(2) Digital Defense, Inc. reports:

    ``This vulnerability, if exploited correctly, leads to an anonymous
    user gaining root access on a Samba serving system.  All versions of
    Samba up to and including Samba 2.2.8 are vulnerable.  Alpha versions
    of Samba 3.0 and above are *NOT* vulnerable.''

+------------------------------------------------------------------------+
Port name:      net/samba-tng
Affected:       all versions
Status:         Not fixed

Some or all of the vulnerabilities affecting Samba may also affect
Samba-TNG.  No confirmation or official patches are available at the time
of this security notice.

+------------------------------------------------------------------------+

III. Upgrading Ports/Packages

To upgrade a fixed port/package, perform one of the following:

1) Upgrade your Ports Collection and rebuild and reinstall the port.
   Several tools are available in the Ports Collection to make this
   easier.  See:

        /usr/ports/devel/portcheckout
        /usr/ports/misc/porteasy
        /usr/ports/sysutils/portupgrade

2) Deinstall the old package and install a new package obtained from

   [FreeBSD 4.x, i386]
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/

   [FreeBSD 5.x, i386]
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/

   Packages are not automatically generated for other architectures at
   this time.

   Note that new, official packages may not be available on all mirrors
   immediately.  In the interim, Security Officer-generated packages (and
   detached digital signatures) are available for the i386 architecture
   at:

   [FreeBSD 4.x, i386]
   ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz
   ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz.asc

   [FreeBSD 5.x]
   ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz
   ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz.asc

+------------------------------------------------------------------------+

FreeBSD Security Notices are communications from the Security Officer
intended to inform the user community about potential security issues,
such as bugs in the third-party applications found in the Ports
Collection, which will not be addressed in a FreeBSD Security Advisory.
Feedback on Security Notices is welcome at .
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+kX+vFdaIBMps37IRAtkmAJ4ruhx4WQLeSPSPgfmzrVW4uYvVJACfRxem
4q3eO8IxTujzRR2QwH4eyK4=
=/4KW
-----END PGP SIGNATURE-----


Date: Tue, 8 Apr 2003 05:12:05 -0700 (PDT)
Message-Id: <200304081212.h38CC5GS050406@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: security-advisories@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Security Notice FreeBSD-SN-03:02

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SN-03:02                                            Security Notice
                                                        The FreeBSD Project

Topic:          security issue in SETI@home client

Announced:      2003-04-08

I.   Introduction

A port in the FreeBSD Ports Collection is affected by a security issue.
Summary information is given below with references and affected versions.

All versions given refer to the FreeBSD port/package version numbers.
The listed vulnerabilities are not specific to FreeBSD unless otherwise
noted.

This port is not installed by default, nor is it ``part of FreeBSD'' as
such.  The FreeBSD Ports Collection contains thousands of third-party
applications in a ready-to-install format.  FreeBSD makes no claim about
the security of these third-party applications.  See for more information
about the FreeBSD Ports Collection.

II.  Ports

+------------------------------------------------------------------------+
Port name:      astro/setiathome
Affected:       All versions
Status:         Not fixed

Excerpt from Berend-Jan Wever a.k.a. SkyLined's advisory:

    ``There is a buffer overflow in the server response handler.  Sending
    an overly large string followed by a newline ('\n') character to the
    client will trigger this overflow.  This has been tested with various
    versions of the client.  All versions are presumed to have this flaw
    in some form.''

Example exploits for FreeBSD and other systems exist.

A new version of SETI@home for FreeBSD is not available at the time of
this security notice.

+------------------------------------------------------------------------+

FreeBSD Security Notices are communications from the Security Officer
intended to inform the user community about potential security issues,
such as bugs in the third-party applications found in the Ports
Collection, which will not be addressed in a FreeBSD Security Advisory.
Feedback on Security Notices is welcome at .
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+kruuFdaIBMps37IRAksIAKCXua4QQz3P3Y4qysYW8/ftjQhozQCfVnNw
PZAo0yzuFpYydTgYrodW+4Q=
=DQki
-----END PGP SIGNATURE-----


Date: Tue, 8 Apr 2003 22:47:17 -0700
From: Sean Chittenden
To: announce@FreeBSD.org
Message-ID: <20030409054717.GY79923@perrin.int.nxad.com>
Subject: [FreeBSD-Announce] New mailing list: performance@FreeBSD.org

I'm pleased to announce the formation of a new mailing list dedicated to
the performance of FreeBSD under high load or extreme conditions.

Address:    performance@FreeBSD.org
List URL:   http://lists.FreeBSD.org/mailman/listinfo/freebsd-performance
List admin: freebsd-performance-owner@freebsd.org

The performance@ mailing list exists to provide a place for hackers,
administrators, and/or concerned parties to discuss performance-related
topics pertaining to FreeBSD.  Acceptable topics include talking about
FreeBSD installations that are either under high load, are experiencing
performance problems, or are pushing the limits of FreeBSD.  Concerned
parties that are willing to work toward improving the performance of
FreeBSD are highly encouraged to subscribe to this list.

This is a highly technical list ideally suited for experienced FreeBSD
users, hackers, or administrators interested in keeping FreeBSD fast,
robust, and scalable.  The performance@ list is not a question-and-answer
list that replaces reading through documentation, but it is a place to
make contributions or inquire about unanswered performance-related
topics.  Answered questions and performance-related FAQs will end up in a
compiled list or integrated into the existing documentation.

Flames, trolls, wars, and bikesheds will not be tolerated.  Constructive,
progressive posts, and patches, however, are very welcome.

Examples of questions that would be appropriate on the performance@ list
include (if they haven't already been answered or incorporated into the
FAQ/docs):

  "Hi, I've got 60K connections per box and I'm drowning because I don't
  have enough empirical port #'s available.  What's the best
  hack/workaround given my CPU is only at 20% and RAM is in the same neck
  of the woods?"

or:

  "I think I've pushed sendfile() as far as it can go and now my apps are
  lagging 2-15sec.  I thought sendfile() was supposed to return -1 and
  EWOULDBLOCK when the call would block, but if there aren't any sf_buf's
  available, sendfile() _is_ blocking and my app performance nose dives in
  the worst of ways.  What's the best workaround or is there a fix for
  this problem?"

or:

  "I'm throwing out about 50Mbps of traffic, but am rate shaping my bits
  as they head out.  I've consequently used up all of my mbufclusters but
  not individual mbufs.  How can I tune this so that they balance out?
  I've noticed the same problem with high latency connections that are
  from overseas and that it effectively DDoS'es my machines when things
  get busy..."

or:

  "Now that I've got it in balance, I can't seem to get more than 130K
  mbufclusters in use without the kernel panicking on startup.  I know I
  have more KVM available than is required but something 'just sucks' in
  the way that mbufclusters are allocated at the moment.  Am I the only
  one noticing this?"

or:

  "Now that I've got a firewall up front and am using stateful firewall
  rules, has anyone else noticed that the hashing algorithm used for
  dynamic rules blows goats?  I've got about 600K stateful rules at the
  moment and most of the time is spent doing hash key lookups."

or:

  "Has anyone noticed that FreeBSD's async IO falls apart when the system
  load hits around 10?  When I try and push any amount of bits through it
  using a threaded app and *poof* I start getting incorrect return
  values.  Anyone else had this happen?"

If there are any problems or questions regarding the list, please don't
hesitate to contact the list administrator at:

  freebsd-performance-owner@FreeBSD.org

"FreeBSD: The Power [and Speed/Reliability] To Serve."

-- 
Sean Chittenden

-----BEGIN PGP SIGNATURE-----
Comment: Sean Chittenden

iD8DBQE+k7Pk3ZnjH7yEs0ERAp+fAJ9E6FFlyVtbf7H1zTkMlTrlTqCxqwCg3E9T
7bTdUxa2VSbvPgGCBVTvlFY=
=k8HL
-----END PGP SIGNATURE-----
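Returning to the SETI@home notice (FreeBSD-SN-03:02) above: the bug class it describes, a newline-terminated server response copied into a fixed client buffer with no length bound, is illustrated by the following added example. This is not the SETI@home client's code; the function names, the 32-byte buffer and the "text up to '\n'" response format are assumptions made for the example. The hardened reader rejects an over-long line outright, and the caller drops the rest of the response rather than carrying on after a rejection.

```c
#include <stddef.h>
#include <string.h>

#define RESPONSE_MAX 32  /* assumed buffer size; small so the bound is visible */

/* Unsafe pattern (for contrast only, never called): copies until '\n' with
 * no bound, so a response line longer than 'out' overruns the buffer. */
void read_line_unbounded(const char *in, char *out)
{
    while (*in != '\0' && *in != '\n')
        *out++ = *in++;
    *out = '\0';
}

/* Hardened reader: copies at most outsz-1 bytes.  A line that does not end
 * (at '\n' or end of input) within that space is rejected, not truncated.
 * Returns the line length or -1; *consumed is advanced past the line + '\n'. */
int read_line_bounded(const char *in, char *out, size_t outsz, size_t *consumed)
{
    size_t i = 0;
    while (in[i] != '\0' && in[i] != '\n') {
        if (i + 1 >= outsz) {          /* no room for this byte + terminator */
            out[0] = '\0';
            return -1;
        }
        out[i] = in[i];
        i++;
    }
    out[i] = '\0';
    *consumed = i + (in[i] == '\n' ? 1 : 0);
    return (int)i;
}

/* Feeds a newline-separated response through the bounded reader; returns
 * the number of lines accepted, stopping at the first oversized line. */
int count_accepted_lines(const char *response)
{
    char line[RESPONSE_MAX];
    size_t used = 0, consumed = 0;
    int accepted = 0;
    while (response[used] != '\0') {
        if (read_line_bounded(response + used, line, sizeof line, &consumed) < 0)
            break;                     /* drop the session rather than carry on */
        accepted++;
        used += consumed;
    }
    return accepted;
}
```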