From owner-freebsd-announce@FreeBSD.ORG Mon Aug 25 09:10:26 2003
Date: Mon, 25 Aug 2003 10:11:42 -0600
From: "Justin T. Gibbs"
To: freebsd-announce@FreeBSD.org
Message-ID: <4287975408.1061827902@aslan.btc.adaptec.com>
Subject: [FreeBSD-Announce] FreeBSD Foundation Announces Native Support for Java JDK 1.3.1 on FreeBSD

Boulder, CO - August 25, 2003 - The FreeBSD Foundation today announced the availability of a binary distribution of the Java JDK version 1.3.1 for the widely used FreeBSD operating system.

Wes Peters of the FreeBSD Core Team commented "This announcement hallmarks a new era of Java support for FreeBSD.
Having easy to install binary Java packages will ensure that all users can enjoy the benefits of Java technology on the FreeBSD platform."

Java users can download, without charge, the FreeBSD Foundation's Java distribution from . The FreeBSD Foundation is also providing OEM licenses to FreeBSD distributors, permitting them to ship out-of-the-box Java support with FreeBSD.

Foundation Secretary and Treasurer, Justin T. Gibbs, pledged continued support for Java technology on the FreeBSD platform. "The FreeBSD Foundation is committed to keeping FreeBSD a Java enabled platform. With the 1.3.1 JDK release behind us, the Foundation has turned its attention toward the 1.4.X JDK. The volunteers working on FreeBSD Java support already have us most of the way there. The Foundation is now financing efforts to accelerate the completion of this work."

Noting the importance of Java support to the FreeBSD user base was FreeBSD Foundation president Robert Watson. "Java support is critical to the success of FreeBSD in the enterprise-- this release will open many doors for the FreeBSD platform."

About the FreeBSD Project

The FreeBSD Project, a volunteer organization, provides a full 4.4BSD-Lite2 based operating system for the 32 and 64-bit Intel and AMD platforms and the 64-bit Alpha and UltraSPARC platforms. FreeBSD is widely used in the network server environment, powering over two million web servers and four million web sites worldwide, and is the basis for a broad array of embedded and server products. For more information, please visit FreeBSD on the Web at www.FreeBSD.org.

About the FreeBSD Foundation

The FreeBSD Foundation is a 501(c)(3) non-profit corporation dedicated to supporting the FreeBSD Project. The Foundation gratefully accepts donations from individuals and businesses, using them to fund projects which further the development of the FreeBSD operating system. For more information about the FreeBSD Foundation, visit their web site at .
Press Contact
press@FoundationFreeBSD.org

FreeBSD is a registered trademark of Wind River Systems, used with permission. Sun, Sun Microsystems, Java and JDK are trademarks or registered trademarks of Sun Microsystems, Inc.

From owner-freebsd-announce@FreeBSD.ORG Tue Aug 26 09:43:33 2003
Date: Tue, 26 Aug 2003 09:43:31 -0700 (PDT)
Message-Id: <200308261643.h7QGhV2h025304@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: security-advisories@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:11.sendmail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-03:11.sendmail                                   Security Advisory
                                                          The FreeBSD Project

Topic:          sendmail DNS map problem

Category:       contrib
Module:         contrib_sendmail
Announced:      2003-08-26
Credits:        Oleg Bulyzhin
Affects:        4.6-RELEASE (up to -p16), 4.7-RELEASE (up to -p13),
                4.8-RELEASE (up to -p3), 5.0-RELEASE (up to -p11)
                4-STABLE prior to Mar 29 19:33:18 2003 UTC
Corrected:      2003-08-25 22:33:14 UTC (RELENG_5_0)
                2003-08-25 22:35:23 UTC (RELENG_4_8)
                2003-08-25 22:36:10 UTC (RELENG_4_7)
                2003-08-25 22:38:53 UTC (RELENG_4_6)
FreeBSD only:   NO

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

FreeBSD includes sendmail(8), a general purpose internetwork mail routing facility, as the default Mail Transfer Agent (MTA).

II.  Problem Description

Some versions of sendmail (8.12.0 through 8.12.8) contain a programming error in the code that implements DNS maps. A malformed DNS reply packet may cause sendmail to call `free()' on an uninitialized pointer.

NOTE: The default sendmail configuration in FreeBSD does not utilize DNS maps.

III. Impact

Calling `free()' on an uninitialized pointer may result in a sendmail child process crashing. It may also be possible for an attacker to somehow influence the value of the `uninitialized pointer' and cause an arbitrary memory trunk to be freed. This could further lead to some other exploitable vulnerability, although no such cases are known at this time.

IV.  Workaround

Do not use DNS maps.

V.   Solution

Do one of the following:

1) Upgrade your vulnerable system to 4-STABLE, 5.1-RELEASE, or to the RELENG_5_1, RELENG_4_8, or RELENG_4_7 security branch dated after the correction date (5.1-RELEASE-p11, 4.8-RELEASE-p4, or 4.7-RELEASE-p14, respectively).

2) To patch your present system:

The following patch has been verified to apply to FreeBSD 5.0, 4.8, 4.7, and 4.6 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libsm
# make obj && make depend && make
# cd /usr/src/lib/libsmutil
# make obj && make depend && make
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install

c) Restart sendmail. Execute the following command as root.

# /bin/sh /etc/rc.sendmail restart

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Path                                          Revision
  Branch
- -------------------------------------------------------------------------
src/UPDATING
  RELENG_5_0                                  1.229.2.17
  RELENG_4_8                                  1.73.2.80.2.6
  RELENG_4_7                                  1.73.2.74.2.17
  RELENG_4_6                                  1.73.2.68.2.45
src/sys/conf/newvers.sh
  RELENG_5_0                                  1.48.2.12
  RELENG_4_8                                  1.44.2.29.2.5
  RELENG_4_7                                  1.44.2.26.2.16
  RELENG_4_6                                  1.44.2.23.2.34
src/contrib/sendmail/src/sm_resolve.c
  RELENG_5_0                                  1.1.1.4.2.1
  RELENG_4_8                                  1.1.1.1.2.2.4.1
  RELENG_4_7                                  1.1.1.1.2.2.2.1
  RELENG_4_6                                  1.1.1.1.2.1.2.2
- -------------------------------------------------------------------------

VII. References

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE/S4xUFdaIBMps37IRAoJ4AJ9AiL4AMlSXz/thD2SuNkKSQsUZHgCeKbds
qEb9Em5ElZZOEnIajwneKIg=
=SjNG
-----END PGP SIGNATURE-----
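The bug class described in section II of the advisory, as an added C example (not sendmail's code and not part of the advisory): a reply parser whose error path frees record fields, kept safe by zero-initializing each record when it is allocated. The record layout, the length-prefixed wire format and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct rr { char *name; char *data; struct rr *next; }; /* hypothetical type */

/* Error-path cleanup: correct only if every pointer field is NULL or live. */
static void rr_free(struct rr *r) {
    while (r != NULL) {
        struct rr *next = r->next;
        free(r->name); free(r->data); free(r);
        r = next;
    }
}
/* Copy one length-prefixed field out of the reply; NULL if it overruns. */
static char *take(const unsigned char **p, const unsigned char *end) {
    if (*p >= end || (size_t)(end - *p - 1) < (size_t)**p) return NULL;
    size_t n = *(*p)++;
    char *s = calloc(n + 1, 1);          /* zero fill also terminates */
    if (s != NULL) memcpy(s, *p, n);
    *p += n;
    return s;
}

/* Parse `count` records of [len][name][len][data] (a constructed format).
 * Returns the list, or NULL if the reply is malformed. */
struct rr *parse_reply(const unsigned char *buf, size_t len, int count) {
    const unsigned char *p = buf, *end = buf + len;
    struct rr *head = NULL, **tail = &head;
    for (int i = 0; i < count; i++) {
        /* With malloc(sizeof(*r)) here, name/data/next would hold garbage
         * and the early exit below would pass it to free(); calloc zeroes. */
        struct rr *r = calloc(1, sizeof(*r));
        if (r != NULL) { *tail = r; tail = &r->next; }
        if (r == NULL || (r->name = take(&p, end)) == NULL ||
            (r->data = take(&p, end)) == NULL) {
            rr_free(head);               /* fields may still be unset here */
            return NULL;
        }
    }
    return head;
}
int main(void) {
    const unsigned char ok[] = {3,'f','o','o',2,'h','i'};   /* constructed */
    const unsigned char bad[] = {3,'f','o','o',9,'h'};      /* truncated */
    struct rr *r = parse_reply(ok, sizeof ok, 1);
    if (r != NULL) printf("%s -> %s\n", r->name, r->data);
    rr_free(r);
    printf("malformed: %s\n", parse_reply(bad, sizeof bad, 1) ? "parsed" : "rejected");
    return 0;
}
```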