Security Updates
June 10, 2009
This should be applied to all systems running 0.2.1. Users on p9 should simply update their kernels. No world update is required.
ipv6:
The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check. Don't let everyone on the planet (with local access) change the properties on the ipv6 interfaces.
anonymous pipes:
Stop unprivileged processes from reading pages of memory belonging to other processes with anonymous pipes.
0.3-Current users can verify they have the patch by checking sysctl kern.osreldate. If the value is 3005 or better, you have the patch.
May 21, 2009
This fix is only in configuration files for ssh and sshd. Users on p8 should simply add
Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
to their configuration files for sshd_config and ssh_config in etc/ssh.
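One way to confirm that a config file carries the Ciphers line from this entry, as an added example that is not part of the original advisory or the MidnightBSD tree. The function names (first_ciphers, ciphers_ok, missing_ciphers) are hypothetical and the sample file is constructed.

```sh
#!/bin/sh
# Cipher list exactly as given in the May 21, 2009 entry.
EXPECTED="aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc"

# Print the value of the first active Ciphers directive in a config file.
# OpenSSH keywords are case-insensitive, "Keyword=value" is accepted, and
# the first value obtained for a keyword is the one used.
first_ciphers() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        { sub(/[ \t]*=[ \t]*/, " ") }        # normalise the "Ciphers=..." form
        tolower($1) == "ciphers" { print $2; exit }
    ' "$1"
}

# Return 0 only if the file sets Ciphers to exactly the advisory's list.
ciphers_ok() {
    [ "$(first_ciphers "$1")" = "$EXPECTED" ]
}

# Print the advisory ciphers that the file's Ciphers directive does not list
# (empty when none are missing; all of them if the file has no directive).
missing_ciphers() {
    have=",$(first_ciphers "$1"),"
    out=""
    for c in $(printf '%s' "$EXPECTED" | tr ',' ' '); do
        case "$have" in
            *",$c,"*) ;;
            *) out="${out:+$out }$c" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Constructed sample (hypothetical sshd_config fragment without the arcfour entries).
sample=$(mktemp)
printf '%s\n' '# Ciphers old,commented' 'Port 22' \
    'ciphers aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc' > "$sample"
ciphers_ok "$sample" || echo "needs update, missing: $(missing_ciphers "$sample")"
rm -f "$sample"
```

Run ciphers_ok against both sshd_config and ssh_config; for ssh_config, a Ciphers line inside a Host block is treated like any other line by this check.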
April 22, 2009
The function ASN1_STRING_print_ex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. MidnightBSD 0.2.1-RELEASE-p8 and 0.3-CURRENT include this fix.
March 26, 2009
Update for sudo that corrects several outstanding security advisories. This was corrected in 0.2.1-RELEASE-p7 and 0.3-CURRENT. 0.1.x is no longer receiving security patches. It is recommended that you upgrade to 0.2.1-RELEASE-p7 when possible.
January 15, 2009
Prevent a DNSSEC attack with BIND. This was corrected in 0.2.1 and 0.3-CURRENT. 0.1.x is no longer receiving security patches. It is recommended that you upgrade to 0.2.1-RELEASE when possible.
January 10, 2009
Fix two issues with MidnightBSD 0.2.1 and 0.3-CURRENT. The first is in OpenSSL and would allow applications that use OpenSSL to interpret an invalid certificate as valid. The second is in lukemftpd(8) that could allow long commands to be split into multiple commands.
December 31, 2008
Correct a problem where bluetooth and netgraph sockets were not initialized properly. This is available in RELENG_0_2, RELENG_0_1, and current.
November 24, 2008
Correct a problem in arc4random which causes the device not to get enough entropy for system services. Geom classes initialized at startup will still have problems. Update your system to RELENG_0_2 (MidnightBSD 0.2.1-p3).
September 29, 2008
A vulnerability in ftpd could allow unauthorized access. This is network exploitable and affects all versions of MidnightBSD.
CVE-2008-4247
Update your system using cvs to RELENG_0_2 or apply the patch on the ftp server in pub/MidnightBSD/patches/0.2.1/patch-ftpd and rebuild ftpd.
September 4, 2008
ICMPv6 code does not properly check the proposed MTU in the case of a "Packet Too Big Message". Systems without IPv6 support are safe. You may update your systems or block the ICMP traffic from a firewall or router. (CURRENT/RELENG_0_2)
September 4, 2008
An issue has been reported on systems running MidnightBSD for amd64/emt64 processors (in the 64-bit OS). This patch was released AFTER 0.2.1-RELEASE. Update systems to RELENG_0_2 or CURRENT to get the fix. From the FreeBSD advisory on the same issue: If a General Protection Fault happens on a FreeBSD/amd64 system while it is returning from an interrupt, trap or system call, the swapgs CPU instruction may be called one extra time when it should not, resulting in userland and kernel state being mixed.
July 11, 2008
Update to BIND 9.4.1 p1 to fix the recently reported vulnerability in most DNS software. Users of BIND are recommended to update to the latest version in src on RELENG_0_2 or CURRENT, or to obtain a newer version from mports.
May 16, 2008
The Debian project made a patch to OpenSSL causing a defect in the generation of ssh keys. A new utility was added to MidnightBSD to detect these keys and deny them. This was applied to RELENG_0_2 and CURRENT. The utility was obtained from Ubuntu.
April 17, 2008
OpenSSH was updated to 5.0p1 in CURRENT to correct an issue with X11 forwarding. A patch for this issue was committed to RELENG_0_1 as well as a fix for a config file issue.
April 17, 2008
A security issue was found in mksh. This only affected CURRENT users. The software was updated to r33d.
April 6, 2008
bzip2 was updated to 1.05 in CURRENT to correct a security issue.
April 3, 2008
A security issue was found with strfmon in libc. CVE-2008-1391 Integer Overflow. This was fixed in CURRENT.
February 15, 2008
CURRENT now has a patch to correct a potential security issue with sendfile. Files were not checked prior to serving, which would allow a file that was write-only to be served. While this scenario is rare, we decided to fix it anyway.
sendfile is used by many daemons including Apache httpd.
August 1, 2007
BIND and Tcpdump were patched in 0.2 and 0.1 for recent security issues. BIND is now equivalent to 9.3.4p1.
May 2, 2007
CURRENT and STABLE both have the patch for ipv6 type 0 routing headers. The problem is that ipv6 routing headers could be run over the same link multiple times.
March 10, 2007
While many of the DST changes were imported last year, we decided to cover all cases and import the latest tzdata2007c. Users concerned about DST changes should update their sources and rebuild. The java ports may not have DST changes in place. We will review that issue.
January 23, 2007
A "symlink" exploit was found in the MidnightBSD jail system. A fix was made available. Please update your /etc/rc.d/jail file from cvs. Patches will not be created until our first release.