–rvl6scdve54fu6my
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
FreeBSD Project Quarterly Status Report – Fourth Quarter 2020
Introduction
This report covers FreeBSD related…
Errata patches for the kernel have been released for OpenBSD 6.8.
Use of bpf(4) on a carp interface could result in a use after free
error.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code pa…
Errata patches for the kernel have been released for OpenBSD 6.7 and 6.8.
When an NDP entry is invalidated the associated layer 2 address is not
invalidated.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utili…
–=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
The pkgsrc developers are proud to announce the 69th quarterly release
of pkgsrc, the cross-platform packaging system. pkgsrc is available
with more than 24,000 packages, r…
Errata patches for smtpd have been released for OpenBSD 6.7 and 6.8.
smtpd’s filter state machine can prematurely release resources leading
to a crash.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. So…
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
=============================================================================
FreeBSD-SA-20:33.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL NULL pointer de-reference
Category: contrib
Module: openssl
Announced: 2020-12-08
Affects: All supported versions of FreeBSD.
Corrected: 2020-12-08 18:28:49 UTC (stable/12, 12.2-STABLE)
2020-12-08 19:10:40 UTC (releng/12.2, 12.2-RELEASE-p2)
2020-12-08 19:10:40 UTC (releng/12.1, 12.1-RELEASE-p12)
2020-12-10 23:43:29 UTC (stable/11, 11.4-STABLE)
2020-12-14 21:20:55 UTC (releng/11.4, 11.4-RELEASE-p6)
CVE Name: CVE-2020-1971
Note:
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
=============================================================================
FreeBSD-SA-20:33.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL NULL pointer de-reference
Category: contrib
Module: openssl
Announced: 2020-12-08
Affects: All supported versions of FreeBSD.
Corrected: 2020-12-08 18:28:49 UTC (stable/12, 12.2-STABLE)
2020-12-08 19:10:40 UTC (releng/12.2, 12.2-RELEASE-p2)
2020-12-08 19:10:40 UTC (releng/12.1, 12.1-RELEASE-p12)
CVE Name: CVE-2020-1971
Note: The OpenSSL project has published publicly available patches for
versions
We have released LibreSSL 3.3.1, 3.2.3, and 3.1.5, which will be arriving
in the LibreSSL directory of your local OpenBSD mirror soon.
It includes the following security fix:
* Malformed ASN.1 in a certificate revocation list or a timestamp
…
OpenNTPD 6.8p1 has been released, and is now available from your local
OpenBSD mirror. This is the first stable release based on OpenBSD 6.8.
It includes the following changes since OpenNTPD 6.2p3:
* The ntpd daemon now gets and sets the clock in …
Errata patches for LibreSSL have been released for OpenBSD 6.7 and 6.8.
Malformed ASN.1 in a certificate revocation list or a timestamp
response token can lead to a NULL pointer dereference.
Binary updates for the amd64, i386, and arm64 platforms are…
Errata patches for the kernel have been released for OpenBSD 6.7 and 6.8.
Process exit in multithreaded programs could result in the wrong exit
code being reported.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatc…
The FreeBSD project is pleased to announce the first transition from
Subversion to Git, for the doc repository.
We will begin the migration sometime on December 5th and hope to be
completed by December 8th. Please see
https://github.com/bsdimp/freebsd…
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
=============================================================================
FreeBSD-SA-20:32.rtsold Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in rtsold
Category: core
Module: rtsold
Announced: 2020-12-01
Credits: Quarkslab Vulnerability Reports
Affects: All supported versions of FreeBSD
Corrected: 2020-12-01 19:35:48 UTC (stable/12, 12.2-STABLE)
2020-12-01 19:39:44 UTC (releng/12.2, 12.2-RELEASE-p1)
2020-12-01 19:39:44 UTC (releng/12.1, 12.1-RELEASE-p11)
2020-12-01 19:36:37 UTC (stable/11, 11.4-STABLE)
2020-12-01 19:39:44 UTC (releng/11.4, 11.4-RELEASE-p5)
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
=============================================================================
FreeBSD-SA-20:31.icmp6 Security Advisory
The FreeBSD Project
Topic: ICMPv6 use-after-free in error message handling
Category: core
Module: icmp6
Announced: 2020-12-01
Credits: Maxime Villard
Affects: All supported versions of FreeBSD.
Corrected: 2020-11-05 22:41:54 UTC (stable/12, 12.2-STABLE)
2020-12-01 19:38:52 UTC (releng/12.2, 12.2-RELEASE-p1)
2020-12-01 19:38:52 UTC (releng/12.1, 12.1-RELEASE-p11)
2020-12-01 03:07:26 UTC (stable/11, 11.4-STABLE)
2020-12-01 19:38:52 UTC (releng/11.4,
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
=============================================================================
FreeBSD-EN-20:22.callout Errata Notice
The FreeBSD Project
Topic: Race condition in callout CPU migration
Category: core
Module: callout
Announced: 2020-12-01
Affects: FreeBSD 12.1 and 12.2
Corrected: 2020-11-26 14:57:30 UTC (stable/12, 12.2-STABLE)
2020-12-01 19:37:33 UTC (releng/12.2, 12.2-RELEASE-p1)
2020-12-01 19:37:33 UTC (releng/12.1, 12.1-RELEASE-p11)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
=============================================================================
FreeBSD-EN-20:21.ipfw Errata Notice
The FreeBSD Project
Topic: Uninitialized variable in ipfw
Category: core
Module: ipfw
Announced: 2020-12-01
Affects: FreeBSD 12.2
Corrected: 2020-10-18 20:54:15 UTC (stable/12, 12.2-STABLE)
2020-12-01 19:36:36 UTC (releng/12.2, 12.2-RELEASE-p1)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections,
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
=============================================================================
FreeBSD-EN-20:20.tzdata Errata Notice
The FreeBSD Project
Topic: Timezone database information update
Category: contrib
Module: zoneinfo
Announced: 2020-12-01
Affects: All supported versions of FreeBSD.
Corrected: 2020-10-23 01:06:33 UTC (stable/12, 12.1-STABLE)
2020-12-01 19:35:48 UTC (releng/12.2, 12.2-RELEASE-p1)
2020-12-01 19:35:48 UTC (releng/12.1, 12.1-RELEASE-p11)
2020-10-23 01:06:42 UTC (stable/11, 11.4-STABLE)
2020-12-01 19:35:48 UTC (releng/11.4, 11.4-RELEASE-p5)
For general information regarding
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
=============================================================================
FreeBSD-EN-20:19.audit Errata Notice
The FreeBSD Project
Topic: execve/fexecve system call auditing
Category: core
Module: kernel
Announced: 2020-12-01
Affects: FreeBSD 12.1 and later.
Corrected: 2020-10-27 13:13:04 UTC (stable/12, 12.2-STABLE)
2020-12-01 19:34:45 UTC (releng/12.2, 12.2-RELEASE-p1)
2020-12-01 19:34:45 UTC (releng/12.1, 12.1-RELEASE-p11)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields
Errata patches for the X server have been released for OpenBSD 6.7 and 6.8.
Multiple input validation failures in the X server XKB extension can lead
to out of bounds memory accesses for authorized clients.
Binary updates for the amd64, i386, and arm…
We have released LibreSSL 3.3.0, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon.
This is the first development release from the 3.3.x series, which will
eventually be part of OpenBSD 6.9. It includes the following c…