Date: Mon, 9 Jan 2006 11:42:07 -0800 (PST)
From: Laura Sheehan
Subject: [FreeBSD-Announce] Call for Papers

---------------------------------------
Call for Papers: 2006 USENIX Annual Technical Conference
Tuesday, May 30-Saturday, June 3, 2006, Boston, MA
http://www.usenix.org/usenix06/cfpspe/
---------------------------------------

Dear Colleague,

The 2006 USENIX Annual Technical Conference is moving back to its usual
June timeframe. It will be held May 30-June 3, 2006, in Boston, MA.
Please note the schedule change: The Technical Program will run
Thursday-Saturday.

On behalf of the 2006 USENIX Annual Technical Conference program
committee, we request your ideas, proposals, and papers for invited talks,
tutorials, refereed papers, Guru Is In sessions, Poster Session, and
Work-in-Progress reports.

-----------------------------------------------------
Call for Papers
2006 USENIX Systems Practice & Experience Refereed Papers
(formerly the Refereed Papers General Track)
Technical Program, Thursday-Saturday, June 1-3, 2006
Submissions Deadline: January 17, 2006
http://www.usenix.org/usenix06/cfpspe/
-----------------------------------------------------

The Program Committee for the Systems Practice & Experience Track
(formerly the Refereed Papers General Track) is seeking your
participation. Please note that the submissions deadline is
January 17, 2006.

Authors are invited to submit original and innovative papers that further
the knowledge and understanding of modern computing systems, with an
emphasis on practical implementations and experimental results. We
encourage papers that break new ground or present insightful results based
on experience with computer systems. The USENIX conference has a broad
scope, and we encourage papers in a wide range of topics in systems.

Possible topics include but are not limited to:

-- Architectural interaction
-- Benchmarking
-- Deployment experience
-- Distributed and parallel systems
-- Embedded systems
-- Energy/power management
-- File and storage systems
-- Networking and network services
-- Operating systems
-- Reliability, availability, and scalability
-- Security, privacy, and trust
-- Self-managing systems
-- Usage studies and workload characterization
-- Virtualization
-- Web technology
-- Wireless and mobile systems

In addition to full-length papers, we are also soliciting short papers, at
most 6 pages long. Accepted short-paper submissions will be included in
the Proceedings, and time will be provided in the Short Papers sessions
for brief presentations of these papers. Papers accepted for the Short
Papers sessions will automatically be included in the Poster Session.

More information on these and other submission guidelines is available on
our Web site: http://www.usenix.org/usenix06/cfpspe/

IMPORTANT DATES:

Submissions due:          Tuesday, January 17, 2006
Notification to authors:  Monday, February 27, 2006
Final papers due:         Monday, April 17, 2006

Please note that January 17 is a hard deadline; no extensions will be
given.

We look forward to your submissions.

On behalf of the USENIX '06 Conference Organizers,

Atul Adya, Microsoft
Erich Nahum, IBM T.J. Watson Research Center
2006 USENIX Annual Technical Conference Program Co-Chairs

Date: Wed, 11 Jan 2006 08:19:03 GMT
From: FreeBSD Security Advisories
Subject: [FreeBSD-Announce] FreeBSD Security
 Advisory FreeBSD-SA-06:01.texindex

=============================================================================
FreeBSD-SA-06:01.texindex                                   Security Advisory
                                                          The FreeBSD Project

Topic:          Texindex temporary file privilege escalation

Category:       contrib
Module:         texinfo
Announced:      2006-01-11
Credits:        Frank Lichtenheld
Affects:        All FreeBSD releases.
Corrected:      2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE)
                2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2)
                2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE)
                2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9)
                2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24)
                2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE)
                2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14)
                2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20)
CVE Name:       CAN-2005-3011

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

TeX is a document typesetting system which is popular in the mathematics,
physics, and computer science realms because of its ability to typeset
complex mathematical formulas. texindex(1) is a utility which is often
used to generate a sorted index of a TeX file.

II.  Problem Description

The "sort_offline" function used by texindex(1) employs the "maketempname"
function, which produces predictable file names and fails to validate that
the paths do not exist.

III. Impact

These predictable temporary file names are problematic because they allow
an attacker to take advantage of a race condition in order to execute a
symlink attack, which could enable them to overwrite files on the system
in the context of the user running the texindex(1) utility.

IV.  Workaround

No workaround is available, but the problematic code is only executed if
the input file being processed is 500kB or more in length; as a result,
users working with documents of less than several hundred pages are very
unlikely to be affected.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, or to
the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10
security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10, 4.11,
5.3, 5.4, and 6.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 4.x and 5.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex5x.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex5x.patch.asc

[FreeBSD 6.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/texinfo/texindex
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                      Revision
  Path
-------------------------------------------------------------------------
RELENG_4
  contrib/texinfo/util/texindex.c           1.1.1.3.2.4
RELENG_4_11
  src/UPDATING                              1.73.2.91.2.15
  src/sys/conf/newvers.sh                   1.44.2.39.2.18
  contrib/texinfo/util/texindex.c           1.1.1.3.2.3.6.1
RELENG_4_10
  src/UPDATING                              1.73.2.90.2.21
  src/sys/conf/newvers.sh                   1.44.2.34.2.22
  contrib/texinfo/util/texindex.c           1.1.1.3.2.3.4.1
RELENG_5
  contrib/texinfo/util/texindex.c           1.1.1.7.4.1
RELENG_5_4
  src/UPDATING                              1.342.2.24.2.18
  src/sys/conf/newvers.sh                   1.62.2.18.2.14
  contrib/texinfo/util/texindex.c           1.1.1.7.8.1
RELENG_5_3
  src/UPDATING                              1.342.2.13.2.27
  src/sys/conf/newvers.sh                   1.62.2.15.2.29
  contrib/texinfo/util/texindex.c           1.1.1.7.6.1
RELENG_6
  contrib/texinfo/util/texindex.c           1.1.1.8.2.1
RELENG_6_0
  src/UPDATING                              1.416.2.3.2.7
  src/sys/conf/newvers.sh                   1.69.2.8.2.3
  contrib/texinfo/util/texindex.c           1.1.1.8.4.1
-------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc


Date: Wed, 11 Jan 2006 08:19:10 GMT
From: FreeBSD Security Advisories
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:02.ee

=============================================================================
FreeBSD-SA-06:02.ee                                         Security Advisory
                                                          The FreeBSD Project

Topic:          ee temporary file privilege escalation

Category:       core
Module:         ee
Announced:      2006-01-11
Credits:        Christian S.J. Peron
Affects:        All FreeBSD versions
Corrected:      2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE)
                2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2)
                2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE)
                2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9)
                2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24)
                2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE)
                2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14)
                2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20)
CVE Name:       CVE-2006-0055

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The ee utility is a simple screen oriented text editor. This editor is
popular with a lot of users due to its ease of use.

II.  Problem Description

The ispell_op function used by ee(1) while executing spell check
operations employs an insecure method of temporary file generation. This
method produces predictable file names based on the process ID and fails
to confirm which path will be overwritten with the user.

It should be noted that ispell does not have to be installed in order for
this to be exploited. The option simply needs to be selected.

III. Impact

These predictable temporary file names are problematic because they allow
an attacker to take advantage of a race condition in order to execute a
symlink attack, which could allow them to overwrite files on the system in
the context of the user running the ee(1) editor.

IV.  Workaround

Instead of invoking ispell through ee(1), invoke it directly.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, or to
the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10
security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10, 4.11,
5.3, 5.4, and 6.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:02/ee.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:02/ee.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.bin/ee
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                      Revision
  Path
-------------------------------------------------------------------------
RELENG_4
  usr.bin/ee/ee.c                           1.16.2.9
RELENG_4_11
  src/UPDATING                              1.73.2.91.2.15
  src/sys/conf/newvers.sh                   1.44.2.39.2.18
  usr.bin/ee/ee.c                           1.16.2.7.6.1
RELENG_4_10
  src/UPDATING                              1.73.2.90.2.21
  src/sys/conf/newvers.sh                   1.44.2.34.2.22
  usr.bin/ee/ee.c                           1.16.2.7.4.1
RELENG_5
  usr.bin/ee/ee.c                           1.31.4.2
RELENG_5_4
  src/UPDATING                              1.342.2.24.2.18
  src/sys/conf/newvers.sh                   1.62.2.18.2.14
  usr.bin/ee/ee.c                           1.31.4.1.2.1
RELENG_5_3
  src/UPDATING                              1.342.2.13.2.27
  src/sys/conf/newvers.sh                   1.62.2.15.2.29
  usr.bin/ee/ee.c                           1.31.6.1
RELENG_6
  usr.bin/ee/ee.c                           1.32.2.1
RELENG_6_0
  src/UPDATING                              1.416.2.3.2.7
  src/sys/conf/newvers.sh                   1.69.2.8.2.3
  usr.bin/ee/ee.c                           1.32.4.1
-------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0055

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc


Date: Wed, 11 Jan 2006 08:19:14 GMT
From: FreeBSD Security Advisories
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:03.cpio

=============================================================================
FreeBSD-SA-06:03.cpio                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities cpio

Category:       contrib
Module:         contrib_cpio
Announced:      2006-01-11
Credits:        Imran Ghory, Richard Harms
Affects:        All FreeBSD releases.
Corrected:      2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE)
                2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2)
                2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE)
                2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9)
                2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24)
                2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE)
                2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14)
                2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20)
CVE Name:       CVE-2005-1111, CVE-2005-1229, CVE-2005-4268

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The cpio utility copies files into or out of a cpio or tar archive.

II.  Problem Description

A number of issues have been discovered in cpio:

. When creating a new file, cpio closes the file before setting its
  permissions. (CVE-2005-1111)

. When extracting files cpio does not properly sanitize file names to
  filter out ".." components, even if the --no-absolute-filenames option
  is used. (CVE-2005-1229)

. When adding large files (larger than 4 GB) to a cpio archive on 64-bit
  platforms an internal buffer might overflow. (CVE-2005-4268)

III. Impact

. The first problem can allow a local attacker to change the permissions
  of files owned by the user executing cpio providing that they have write
  access to the directory in which the file is being extracted.
  (CVE-2005-1111)

. The lack of proper file name sanitation can allow an attacker to
  overwrite arbitrary local files when extracting files from a cpio
  archive. (CVE-2005-1229)

. The buffer-overflow on 64-bit platforms could lead cpio to a
  Denial-of-Service situation (crash) or possibly execute arbitrary code
  with the permissions of the user running cpio. (CVE-2005-4268)

IV.  Workaround

Use a different utility to create and extract cpio archives, for example
pax(1) or (on FreeBSD 5.3 or later) tar(1). If this is not possible, do
not extract untrusted archives and when running on 64-bit platforms do not
add untrusted files to cpio archives.

V.   Solution

NOTE WELL: The solution described below causes cpio to not extract files
with absolute paths by default anymore. If it is required that cpio
extract files with absolute names, use the --absolute-filenames parameter.

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, or to
the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10
security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10, 4.11,
5.3, 5.4, and 6.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/cpio
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                      Revision
  Path
-------------------------------------------------------------------------
RELENG_4
  contrib/cpio/copyin.c                     1.6.6.2
  contrib/cpio/copyout.c                    1.2.8.1
  contrib/cpio/cpio.1                       1.3.6.1
  contrib/cpio/extern.h                     1.2.8.1
  contrib/cpio/global.c                     1.1.1.1.8.1
  contrib/cpio/main.c                       1.3.2.1
RELENG_4_11
  src/UPDATING                              1.73.2.91.2.15
  src/sys/conf/newvers.sh                   1.44.2.39.2.18
  contrib/cpio/copyin.c                     1.6.6.1.12.1
  contrib/cpio/copyout.c                    1.2.36.1
  contrib/cpio/cpio.1                       1.3.34.1
  contrib/cpio/extern.h                     1.2.36.1
  contrib/cpio/global.c                     1.1.1.1.36.1
  contrib/cpio/main.c                       1.3.30.1
RELENG_4_10
  src/UPDATING                              1.73.2.90.2.21
  src/sys/conf/newvers.sh                   1.44.2.34.2.22
  contrib/cpio/copyin.c                     1.6.6.1.10.1
  contrib/cpio/copyout.c                    1.2.30.1
  contrib/cpio/cpio.1                       1.3.28.1
  contrib/cpio/extern.h                     1.2.30.1
  contrib/cpio/global.c                     1.1.1.1.30.1
  contrib/cpio/main.c                       1.3.24.1
RELENG_5
  contrib/cpio/copyin.c                     1.7.8.1
  contrib/cpio/copyout.c                    1.2.32.1
  contrib/cpio/cpio.1                       1.3.30.1
  contrib/cpio/extern.h                     1.2.32.1
  contrib/cpio/global.c                     1.1.1.1.32.1
  contrib/cpio/main.c                       1.3.26.1
RELENG_5_4
  src/UPDATING                              1.342.2.24.2.18
  src/sys/conf/newvers.sh                   1.62.2.18.2.14
  contrib/cpio/copyin.c                     1.7.12.1
  contrib/cpio/copyout.c                    1.2.38.1
  contrib/cpio/cpio.1                       1.3.36.1
  contrib/cpio/extern.h                     1.2.38.1
  contrib/cpio/global.c                     1.1.1.1.38.1
  contrib/cpio/main.c                       1.3.32.1
RELENG_5_3
  src/UPDATING                              1.342.2.13.2.27
  src/sys/conf/newvers.sh                   1.62.2.15.2.29
  contrib/cpio/copyin.c                     1.7.10.1
  contrib/cpio/copyout.c                    1.2.34.1
  contrib/cpio/cpio.1                       1.3.32.1
  contrib/cpio/extern.h                     1.2.34.1
  contrib/cpio/global.c                     1.1.1.1.34.1
  contrib/cpio/main.c                       1.3.28.1
RELENG_6
  contrib/cpio/copyin.c                     1.7.14.1
  contrib/cpio/copyout.c                    1.2.40.1
  contrib/cpio/cpio.1                       1.3.38.1
  contrib/cpio/extern.h                     1.2.40.1
  contrib/cpio/global.c                     1.1.1.1.40.1
  contrib/cpio/main.c                       1.3.34.1
RELENG_6_0
  src/UPDATING                              1.416.2.3.2.7
  src/sys/conf/newvers.sh                   1.69.2.8.2.3
  contrib/cpio/copyin.c                     1.7.16.1
  contrib/cpio/copyout.c                    1.2.42.1
  contrib/cpio/cpio.1                       1.3.40.1
  contrib/cpio/extern.h                     1.2.42.1
  contrib/cpio/global.c                     1.1.1.1.42.1
  contrib/cpio/main.c                       1.3.36.1
-------------------------------------------------------------------------

VII. References

[CVE-2005-1111]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111
http://marc.theaimsgroup.com/?l=bugtraq&m=111342664116120
https://savannah.gnu.org/patch/?func=detailitem&item_id=4006
https://savannah.gnu.org/patch/?func=detailitem&item_id=4007

[CVE-2005-1229]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1229
http://marc.theaimsgroup.com/?l=bugtraq&m=111403177526312
https://savannah.gnu.org/patch/?func=detailitem&item_id=4005

[CVE-2005-4268]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc

From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Date: Wed, 11 Jan 2006 08:19:22 GMT
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw

=============================================================================
FreeBSD-SA-06:04.ipfw                                       Security Advisory
                                                          The FreeBSD Project

Topic:          ipfw IP fragment denial of service

Category:       core
Module:         ipfw
Announced:      2006-01-11
Credits:        Oleg Bulyzhin
Affects:        FreeBSD 6.0-RELEASE
Corrected:      2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE)
                2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2)
CVE Name:       CVE-2006-0054

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

ipfw(8) is a system facility which provides IP packet filtering,
accounting, and redirection. Among its many features, while discarding
packets it can perform actions defined by the user, such as sending back
TCP reset or ICMP unreachable packets. These operations can be performed
by using the reset, reject or unreach actions.

II.  Problem Description

The firewall maintains a pointer to layer 4 header information in the
event that it needs to send a TCP reset or ICMP error message to discard
packets. Due to incorrect handling of IP fragments, this pointer fails
to get initialized.

III. Impact

An attacker can cause the firewall to crash by sending ICMP IP fragments
to or through firewalls which match any reset, reject or unreach actions.

IV.  Workaround

Change any reset, reject or unreach actions to deny. It should be noted
that this will result in packets being silently discarded.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 6-STABLE or to the RELENG_6_0
security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 6.0
systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:04/ipfw.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:04/ipfw.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
-------------------------------------------------------------------------
RELENG_6
  src/sys/netinet/ip_fw2.c                                      1.106.2.6
RELENG_6_0
  src/UPDATING                                              1.416.2.3.2.7
  src/sys/conf/newvers.sh                                    1.69.2.8.2.3
  src/sys/netinet/ip_fw2.c                                  1.106.2.3.2.1
-------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0054

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc

From: Colin Percival
To: FreeBSD Security Advisories
Date: Wed, 11 Jan 2006 08:45:23 +0000
Subject: [FreeBSD-Announce] Duplicate advisory emails

Dear freebsd-announce subscribers,

Due to a scripting bug, the four recent security advisories
(FreeBSD-SA-06:01.texindex, FreeBSD-SA-06:02.ee, FreeBSD-SA-06:03.cpio,
and FreeBSD-SA-06:04.ipfw) were accidentally sent out twice each, first
with the correct subject line of "FreeBSD Security Advisory ..." and
second with the incorrect subject line "FreeBSD Errata Advisory ...".

Don't worry, there are only 4 advisories, not 8.

Sorry for accidentally filling your inboxes,

Colin Percival
FreeBSD Security Officer

From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Date: Wed, 11 Jan 2006 10:21:55 GMT
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED]

=============================================================================
FreeBSD-SA-06:01.texindex                                   Security Advisory
                                                          The FreeBSD Project

Topic:          Texindex temporary file privilege escalation

Category:       contrib
Module:         texinfo
Announced:      2006-01-11
Credits:        Frank Lichtenheld
Affects:        All FreeBSD releases.
Corrected:      2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE)
                2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2)
                2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE)
                2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9)
                2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24)
                2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE)
                2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14)
                2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20)
CVE Name:       CAN-2005-3011

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

0.   Revision History.

v1.0  2006-01-11  Initial release.
v1.1  2006-01-11  Corrected instructions for rebuilding texindex.

I.   Background

TeX is a document typesetting system which is popular in the mathematics,
physics, and computer science realms because of its ability to typeset
complex mathematical formulas. texindex(1) is a utility which is often
used to generate a sorted index of a TeX file.

II.  Problem Description

The "sort_offline" function used by texindex(1) employs the
"maketempname" function, which produces predictable file names and fails
to validate that the paths do not exist.

III. Impact

These predictable temporary file names are problematic because they
allow an attacker to take advantage of a race condition in order to
execute a symlink attack, which could enable them to overwrite files on
the system in the context of the user running the texindex(1) utility.

IV.  Workaround

No workaround is available, but the problematic code is only executed if
the input file being processed is 500kB or more in length; as a result,
users working with documents of less than several hundred pages are very
unlikely to be affected.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, or
to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10
security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10, 4.11,
5.3, 5.4, and 6.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 4.x and 5.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex5x.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex5x.patch.asc

[FreeBSD 6.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/texinfo/libtxi
# make obj && make depend && make
# cd /usr/src/gnu/usr.bin/texinfo/texindex
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
-------------------------------------------------------------------------
RELENG_4
  contrib/texinfo/util/texindex.c                             1.1.1.3.2.4
RELENG_4_11
  src/UPDATING                                             1.73.2.91.2.15
  src/sys/conf/newvers.sh                                  1.44.2.39.2.18
  contrib/texinfo/util/texindex.c                         1.1.1.3.2.3.6.1
RELENG_4_10
  src/UPDATING                                             1.73.2.90.2.21
  src/sys/conf/newvers.sh                                  1.44.2.34.2.22
  contrib/texinfo/util/texindex.c                         1.1.1.3.2.3.4.1
RELENG_5
  contrib/texinfo/util/texindex.c                             1.1.1.7.4.1
RELENG_5_4
  src/UPDATING                                            1.342.2.24.2.18
  src/sys/conf/newvers.sh                                  1.62.2.18.2.14
  contrib/texinfo/util/texindex.c                             1.1.1.7.8.1
RELENG_5_3
  src/UPDATING                                            1.342.2.13.2.27
  src/sys/conf/newvers.sh                                  1.62.2.15.2.29
  contrib/texinfo/util/texindex.c                             1.1.1.7.6.1
RELENG_6
  contrib/texinfo/util/texindex.c                             1.1.1.8.2.1
RELENG_6_0
  src/UPDATING                                              1.416.2.3.2.7
  src/sys/conf/newvers.sh                                    1.69.2.8.2.3
  contrib/texinfo/util/texindex.c                             1.1.1.8.4.1
-------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc

From: "Dan Langille"
To: announce@freebsd.org
Date: Thu, 12 Jan 2006 09:11:45 -0500
Subject: [FreeBSD-Announce] BSDCan 2006: Call For Papers - reminder

Hello folks,

I'm writing to remind you that the deadline for the Call For Papers is
one week away. Please get your submissions in before that date. You
don't want to miss out presenting at the biggest BSD event of the year.

BSDCan 2006 will be held May 12-13, 2005, in Ottawa at University of
Ottawa. We are now requesting proposals for papers. The papers should be
written with a very strong technical content bias. Papers and proposals
of a business development or marketing nature are not appropriate for
this venue.

The schedule is:

19 Dec 2005  Proposal acceptance begins
19 Jan 2006  Proposal acceptance ends
19 Feb 2006  Confirmation of accepted proposals
19 Mar 2006  Abstracts due
19 Apr 2006  Formatted final papers must arrive no later than this date

Please submit all proposals to papers@bsdcan.org

NOTE: This is the schedule for formal papers. We are also accepting
submissions for talks and presentations. If you have a proposal, please
contact us on papers@bsdcan.org.

--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/
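
Referring back to FreeBSD-SA-06:03.cpio earlier on this page: the C sketch below is an added example, not FreeBSD's patch and not GNU cpio source, and every function name in it is hypothetical. It shows a member-name check that refuses ".." components and strips leading slashes by default (the CVE-2005-1229 class), and an extraction routine that sets permissions with fchmod() on the still-open descriptor instead of by path after close (the CVE-2005-1111 ordering). It assumes a POSIX.1-2008 system and does not create intermediate directories.

```c
/* Added example: hardened handling of one archive member.
 * Not FreeBSD or GNU cpio code; all names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return the usable part of `name`, or NULL if the member must be skipped.
 * Default policy (allow_absolute == 0): leading '/' characters are stripped
 * and any ".." path component is refused.  With allow_absolute != 0 the
 * operator has opted in to trusting the archive and the name is returned
 * unchanged (an assumption of this sketch). */
const char *checked_member_name(const char *name, int allow_absolute)
{
    const char *p = name;

    if (allow_absolute)
        return (*name != '\0') ? name : NULL;
    while (*p == '/')
        p++;
    if (*p == '\0')
        return NULL;
    const char *start = p;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");          /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return NULL;                        /* "..": would leave the tree */
        p += len;
        while (*p == '/')
            p++;
    }
    return start;
}

/* Create `name` below the directory open at dirfd and give it `mode`.
 * O_EXCL | O_NOFOLLOW refuses pre-planted files and symlinks; fchmod()
 * acts on the descriptor, so the permission change cannot be redirected
 * by replacing the path between close and chmod. */
int extract_member(int dirfd, const char *name, mode_t mode,
                   const void *data, size_t len)
{
    const char *rel = checked_member_name(name, 0);
    if (rel == NULL) {
        errno = EINVAL;
        return -1;
    }
    int fd = openat(dirfd, rel, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    if (write(fd, data, len) != (ssize_t)len || fchmod(fd, mode) != 0) {
        int saved = errno;
        close(fd);
        unlinkat(dirfd, rel, 0);                /* do not leave a partial file */
        errno = saved;
        return -1;
    }
    return close(fd);
}

/* Self-check on constructed input: extract one member into a scratch
 * directory and return the permission bits it ended up with, or -1. */
int demo_extracted_mode(void)
{
    char dir[] = "/tmp/cpio-demo-XXXXXX";       /* constructed scratch path */
    struct stat st;
    int result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dirfd >= 0) {
        if (extract_member(dirfd, "/notes.txt", 0640, "hello\n", 6) == 0 &&
            fstatat(dirfd, "notes.txt", &st, AT_SYMLINK_NOFOLLOW) == 0)
            result = (int)(st.st_mode & 07777);
        unlinkat(dirfd, "notes.txt", 0);
        close(dirfd);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    /* Constructed member names, as they might appear in an archive. */
    const char *names[] = { "docs/readme", "/etc/motd", "../../etc/passwd",
                            "docs/../../x", "..data/file" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        const char *ok = checked_member_name(names[i], 0);
        printf("%-20s -> %s\n", names[i], ok ? ok : "(skipped)");
    }
    printf("mode after extract: %o\n", (unsigned)demo_extracted_mode());
    return 0;
}
```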