From: gnn@freebsd.org
To: announce@freebsd.org
Date: Wed, 28 Nov 2007 18:53:56 +0900
Subject: [FreeBSD-Announce] AsiaBSDCon 2008 Call For Papers

Hi,

Well, we're at it again. In March of 2008 we'll be having another AsiaBSDCon in Tokyo, Japan. The CFP is here:

http://2008.asiabsdcon.org/cfp.html

and we hope to see all of you there.

Best,
George


From: Hiroki Sato <hrs@allbsd.org>
To: announce@FreeBSD.org
Date: Thu, 29 Nov 2007 04:55:33 +0900 (JST)
Message-Id: <20071129.045533.99003580.hrs@allbsd.org>
Subject: [FreeBSD-Announce] AsiaBSDCon 2008 in Tokyo - extension of submission deadline

Hello,

AsiaBSDCon 2008 will be held on March 27-30, 2008, in Tokyo. We are now requesting proposals for papers, presentations, and tutorials. The submission deadline has been extended to December 11, 2007.

Due to some server problems, the submission interface on the official web site is not ready yet, so please submit your proposal directly to secretary@asiabsdcon.org via email (submission via the web site will be available this weekend).

Also, if you are interested in attending the conference, please subscribe to the announce mailing list. See http://lists.asiabsdcon.org/mailman/listinfo/announce for details. You can find the previous conference's program, proceedings, and so on at http://2007.asiabsdcon.org/.

Important dates:

  11 December 2007 (extended)  Extended abstracts for papers and presentations acceptance ends.
  24 December 2007             Authors and presenters notified by the program committee.
  31 January 2008              Final papers and presentations due.
  27-30 March 2008             Days of the conference

-- 
| Hiroki SATO


From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
To: FreeBSD Security Advisories
Date: Thu, 29 Nov 2007 16:31:19 GMT
Message-Id: <200711291631.lATGVJ4l088838@freefall.freebsd.org>
Reply-To: freebsd-security@FreeBSD.org
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-07:09.random
=============================================================================
FreeBSD-SA-07:09.random                                     Security Advisory
                                                          The FreeBSD Project

Topic:          Random value disclosure

Category:       core
Module:         sys_dev_random
Announced:      2007-11-29
Credits:        Robert Woolley
Affects:        All supported versions of FreeBSD
Corrected:      2007-11-29 16:05:38 UTC (RELENG_7, 7.0-BETA4)
                2007-11-29 16:06:12 UTC (RELENG_6, 6.3-PRERELEASE)
                2007-11-29 16:06:54 UTC (RELENG_6_3, 6.3-RC2)
                2007-11-29 16:07:30 UTC (RELENG_6_2, 6.2-RELEASE-p9)
                2007-11-29 16:07:54 UTC (RELENG_6_1, 6.1-RELEASE-p21)
                2007-11-29 16:08:54 UTC (RELENG_5, 5.5-STABLE)
                2007-11-29 16:09:26 UTC (RELENG_5_5, 5.5-RELEASE-p17)
CVE Name:       CVE-2007-6150

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

The random(4) and urandom(4) devices return an endless supply of pseudo-random bytes when read. Cryptographic algorithms often depend on the secrecy of these pseudo-random values for security.

II.  Problem Description

Under certain circumstances, a bug in the internal state tracking of the random(4) and urandom(4) devices can be exploited to allow replaying of data distributed during subsequent reads.

III. Impact

This could enable an adversary to determine fragments of random values previously read, allowing them to defeat certain security mechanisms. Note that the attacker has to be in close proximity to the source of the pseudo-randomness, which typically means local access to the system.

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 5.5, 6.1, and 6.2 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-07:09/random.patch
# fetch http://security.FreeBSD.org/patches/SA-07:09/random.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Branch                                                           Revision
  Path
-------------------------------------------------------------------------
RELENG_5
  src/sys/dev/random/yarrow.c                                      1.44.2.1
RELENG_5_5
  src/UPDATING                                             1.342.2.35.2.17
  src/sys/conf/newvers.sh                                   1.62.2.21.2.19
  src/sys/dev/random/yarrow.c                                      1.44.8.1
RELENG_6
  src/sys/dev/random/yarrow.c                                      1.45.2.2
RELENG_6_3
  src/UPDATING                                              1.416.2.37.2.2
  src/sys/dev/random/yarrow.c                                  1.45.2.1.6.1
RELENG_6_2
  src/UPDATING                                             1.416.2.29.2.12
  src/sys/conf/newvers.sh                                   1.69.2.13.2.12
  src/sys/dev/random/yarrow.c                                  1.45.2.1.4.1
RELENG_6_1
  src/UPDATING                                             1.416.2.22.2.23
  src/sys/conf/newvers.sh                                   1.69.2.11.2.23
  src/sys/dev/random/yarrow.c                                  1.45.2.1.2.1
RELENG_7
  src/sys/dev/random/yarrow.c                                      1.47.2.1
-------------------------------------------------------------------------

VII. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6150

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:09.random.asc


From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
To: FreeBSD Security Advisories
Date: Thu, 29 Nov 2007 16:31:41 GMT
Message-Id: <200711291631.lATGVfiw089091@freefall.freebsd.org>
Reply-To: freebsd-security@FreeBSD.org
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-07:10.gtar

=============================================================================
FreeBSD-SA-07:10.gtar                                       Security Advisory
                                                          The FreeBSD Project

Topic:          gtar directory traversal vulnerability

Category:       contrib
Module:         contrib_tar
Announced:      2007-11-29
Credits:        Dmitry V. Levin
Affects:        FreeBSD 5.x releases
Corrected:      2007-11-29 16:08:54 UTC (RELENG_5, 5.5-STABLE)
                2007-11-29 16:09:26 UTC (RELENG_5_5, 5.5-RELEASE-p17)
CVE Name:       CVE-2007-4131

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

GNU tar (gtar) is a utility to create and extract "tape archives", commonly known as tar files. GNU tar is included in FreeBSD 5.x as /usr/bin/gtar.

II.  Problem Description

Insufficient sanity checking of paths containing '.' and '..' allows gtar to overwrite arbitrary files on the system.

III. Impact

An attacker who can convince a user to extract a specially crafted archive can overwrite arbitrary files with the permissions of the user running gtar. If that user is root, the attacker can overwrite any file on the system.

IV.  Workaround

Use "bsdtar", which has been the default tar implementation since FreeBSD 5.3.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_5 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 5.5 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-07:10/gtar.patch
# fetch http://security.FreeBSD.org/patches/SA-07:10/gtar.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/tar
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Branch                                                           Revision
  Path
-------------------------------------------------------------------------
RELENG_5
  src/contrib/tar/src/misc.c                                        1.3.8.1
RELENG_5_5
  src/UPDATING                                             1.342.2.35.2.17
  src/sys/conf/newvers.sh                                   1.62.2.21.2.19
  src/contrib/tar/src/misc.c                                       1.3.20.1
-------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc
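The check that SA-07:10.gtar says gtar lacked, written out as an added example (not code from FreeBSD or GNU tar): member names are inspected before anything is extracted, absolute names and any '..' component are rejected, a harmless '.' component is allowed, and a constructed in-memory archive with one benign entry and two escape attempts is audited. The link-target handling in safe_members is a hypothetical extension beyond the advisory's wording.

```python
import io
import posixpath
import tarfile


def is_safe_member_path(name: str) -> bool:
    """True if extracting a member named `name` cannot leave the extraction root."""
    if not name or name.startswith("/"):
        return False          # absolute names land outside the extraction root
    return ".." not in name.split("/")   # any '..' component is rejected, '.' is fine


def safe_members(tar: tarfile.TarFile):
    """Yield members whose names (and link targets) pass is_safe_member_path."""
    for member in tar.getmembers():
        if not is_safe_member_path(member.name):
            continue
        # Hypothetical extension: symlink targets are relative to the link's own
        # directory, hardlink targets are archive-root relative; check both.
        if member.issym():
            target = posixpath.join(posixpath.dirname(member.name), member.linkname)
        elif member.islnk():
            target = member.linkname
        else:
            yield member
            continue
        if is_safe_member_path(target):
            yield member


def build_demo_archive() -> bytes:
    """Constructed sample archive: one benign member and two escape attempts."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/./README", "../../etc/passwd", "/etc/motd"):
            info = tarfile.TarInfo(name=name)   # addfile() stores the name verbatim
            info.size = 1
            tar.addfile(info, io.BytesIO(b"x"))
    return buf.getvalue()


def audit(archive: bytes):
    """Return (kept, rejected) member names for an archive, without extracting it."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        names = [m.name for m in tar.getmembers()]
        kept = [m.name for m in safe_members(tar)]
    return kept, [n for n in names if n not in kept]


if __name__ == "__main__":
    kept, rejected = audit(build_demo_archive())
    print("kept:", kept)            # ['docs/./README']
    print("rejected:", rejected)    # ['../../etc/passwd', '/etc/motd']
```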