News

Bron: [url=http://www.webwereld.nl]Webwereld[/url]

In juni werd er uitvoerig bericht over een bug in de serversoftware ‘Apache’ en over een fout in de Secure Socket Layer‚ kortweg SSL. SSL wordt gebruikt op webpagina’s van banken en online winkels om de verbinding te versleutelen. Dit zorgt ervoor dat de gegevens veilig over het internet verstuurd kunnen worden en niet onderschept kunnen worden.

[url=http://www.webwereld.nl/nieuws/12208.phtml]Het heke artikel[/url]

[url=http://www.webwereld.nl/]Webwereld[/url]

XS4ALL biedt vanaf vandaag adsl van BBned aan. Deze adsl-dienst zal tot acht keer sneller zijn dan de huidige adsl-diensten van XS4ALL. BBned dekt vrijwel hetzelfde gebied dat MxStream dekt. Klanten van de nieuwe dienst kunnen gebruik maken van ‘line-sharing’. Hierdoor is het mogelijk om de telefonie via KPN te laten verlopen.

[url=http://www.webwereld.nl/nieuws/12198.phtml]Het hele artikel[/url]

Bron: [url=http://www.bsdforums.org/forums/showthread.php?s=&threadid=2608]BSDForums[/url]

A few system calls were identified that contained assumptions that
a given argument was always a positive integer‚ while in fact the
argument was handled as a signed integer. As a result‚ the boundary
checking code would fail if the system call were entered with a
negative argument.

The affected system calls could be called with large negative
arguments‚ causing the kernel to return a large portion of kernel
memory. Such memory might contain sensitive information‚ such as
portions of the file cache or terminal buffers. This information
might be directly useful‚ or it might be leveraged to obtain elevated
privileges in some way. For example‚ a terminal buffer might include
a user-entered password.

[quote]*************************************
Date: Mon‚ 19 Aug 2002 05:56:23 -0700 (PDT)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error

—–BEGIN PGP SIGNED MESSAGE—–

==================================================
===========================
FreeBSD-SA-02:38.signed-error Security Advisory
The FreeBSD Project

Topic: Boundary checking errors involving signed integers

Category: core
Module: sys
Announced: 2002-08-19
Credits: Silvio Cesare
Affects: All releases of FreeBSD up to and including 4.6.1-RELEASE-p10
Corrected: 2002-08-13 02:42:32 UTC (RELENG_4)
2002-08-13 12:12:36 UTC (RELENG_4_6)
2002-08-13 12:13:05 UTC (RELENG_4_5)
2002-08-13 12:13:49 UTC (RELENG_4_4)
FreeBSD only: YES

I. Background

The issue described in this advisory affects the accept(2)‚
getsockname(2)‚ and getpeername(2) system calls‚ and the vesa(4)
FBIO_GETPALETTE ioctl(2).

II. Problem Description

A few system calls were identified that contained assumptions that
a given argument was always a positive integer‚ while in fact the
argument was handled as a signed integer. As a result‚ the boundary
checking code would fail if the system call were entered with a
negative argument.

III. Impact

The affected system calls could be called with large negative
arguments‚ causing the kernel to return a large portion of kernel
memory. Such memory might contain sensitive information‚ such as
portions of the file cache or terminal buffers. This information
might be directly useful‚ or it might be leveraged to obtain elevated
privileges in some way. For example‚ a terminal buffer might include
a user-entered password.

IV. Workaround

None.

V. Solution

1) Upgrade your vulnerable system to 4.6.2-RELEASE or 4.6-STABLE;
or to any of the RELENG_4_6 (4.6.1-RELEASE-p11)‚ RELENG_4_5
(4.5-RELEASE-p19)‚ or RELENG_4_4 (4.4-RELEASE-p26) security branches
dated after the respective correction dates.

2) To patch your present system:

a) Download the relevant patch from the location below‚ and verify the
detached PGP signature using your PGP utility. The following patch
has been tested to apply to all FreeBSD 4.x releases.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/C…ned-error.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/C…error.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch c) Recompile your kernel as described in
and reboot the system.

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Path Revision
Branch
– ————————————————————————-
src/sys/i386/isa/vesa.c
RELENG_4 1.32.2.1
RELENG_4_6 1.32.10.1
RELENG_4_5 1.32.8.1
RELENG_4_4 1.32.6.1
src/sys/kern/uipc_syscalls.c
RELENG_4 1.65.2.12
RELENG_4_6 1.65.2.9.6.1
RELENG_4_5 1.65.2.9.4.1
RELENG_4_4 1.65.2.9.2.1
src/sys/conf/newvers.sh
RELENG_4_6 1.44.2.23.2.16
RELENG_4_5 1.44.2.20.2.20
RELENG_4_4 1.44.2.17.2.25
– ————————————————————————-

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.0.7 (FreeBSD)

iQCVAwUBPWDpxFUuHi5z0oilAQHCWgP+PmomqbDBiBHKG6JWrx
8Kz8M6gnrg4omw
w/ vH5uK2lHGL6ZGecwvhJOTbV4bKXt1C1dKoUyA7WH7l9nQi+1Cr
ZwT/D5mkteU+
XEqtNfRhiaDokj/5I8MA0OM80+jryeAimxYDEi2vm315RIOMeR/sdP7m7H2vl9cZ
V8rt/2zD2wc=
=LpMd
—–END PGP SIGNATURE—–

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities‚
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with “unsubscribe freebsd-announce” in the body of the message
[/quote]

Bron: [url=http://www.webwereld.nl]Webwereld[/url]

KPN zal een ‘light-versie’ van MxStream op de markt brengen. De snelheid van de bestaande abonnementen gaat omhoog. Dat zei Ad Scheepbouwer, bestuursvoorzitter van KPN, dinsdagochtend bij de presentatie van de halfjaarcijfers. Details over het goedkope adsl en de nieuwe snelheden van MxStream worden pas donderdag bekendgemaakt. Wel is duidelijk dat de light-versie goedkoper zal zijn dan de huidige abonnementen.

[url=http://www.webwereld.nl/nieuws/12193.phtml]Het hele artikel[/url]

Er is een status rapport verschenen van FreeBSD, hier kun je zien waar de verschillende teams mee bezig zijn.
[quote]May and June were remarkably busy months for the FreeBSD Project– FreeBSD developers met in Monterey, CA in June for FreeBSD Developer Summit III to discuss strategy for the FreeBSD 5.0 release later this year, for the USENIX Annual Technical conference and for the FreeBSD BoF. Substantial technical progress was made on FreeBSD 5.0, and FreeBSD 4.6-RELEASE was cut on the RELENG_4 branch in June.[/quote]

[url=http://www.freebsd.org/news/status/report-may-2002-june-2002.html]Het hele status rapport[/url]

Tot 1 september kunnen er nog toevoegingen gedaan worden voor de release van 4.7, die op rol staat voor 1 oktober.
De announcement:
[quote]Date: Mon, 12 Aug 2002 02:08:07 -0700
From: Murray Stokely
To: stable@freebsd.org
Cc: qa@FreeBSD.org, re@FreeBSD.org
Subject: HEADS UP: FreeBSD 4.7 Code Freeze in less than a month

It’s about that time already — FreeBSD 4.7 is just around the corner.
Now is the time to speak up about any problems with the new code that
has been introduced since 4.6. Please email the relevant
maintainers/committers for any specific bug fixes or enhancements that
you think should be MFCed for FreeBSD 4.7.

The code freeze date is firmly set, and barring any stability or
security problems, we intend to release on October 1.

Code Freeze:September 1, 2002
Release Candidate 1:September 15, 2002
Release Candidate 2:September 20, 2002
Release Candidate 3:September 25, 2002
Final release:October 1, 2002

For a more detailed schedule of the release process, please see
http://www.FreeBSD.org/releases/4.7R/schedule.html

Also, please remember to send all requests to re@FreeBSD.org. I will
be in Taiwan and Japan for parts of the code freeze, so replies to
messages addressed to me personally may be significantly delayed
during the month of September.

Thanks!

– Murray Stokely / Release Engineering Team [/quote]

FreeBSD 4.6.2 is gereleased, deze server draait nu ook 4.6.2
De volledige announcement:
[quote]I am happy to announce the availability of FreeBSD 4.6.2-RELEASE, a
maintenance release of the FreeBSD -STABLE development branch. Since
FreeBSD 4.6-RELEASE in June 2002, we have resolved several ATA-related
problems, updated the system OpenSSL and OpenSSH components, and
addressed several security issues.

For a list of new features and known problems, please see the release
notes and errata list, available here:

http://www.FreeBSD.org/releases/4.6.2R/relnotes.html
http://www.FreeBSD.org/releases/4.6.2R/errata.html

For more information about FreeBSD release engineering activities
(including information about the upcoming FreeBSD 4.7), please see:

http://www.FreeBSD.org/releng/

Availability
– ————

FreeBSD 4.6.2-RELEASE supports the i386 and alpha architectures and
can be installed directly over the net using the boot floppies or
copied to a local NFS/FTP server. Distributions for the i386 are
available now. As of this writing, the final builds for the alpha
architecture are in progress and will be made available shortly.

We can’t promise that all the mirror sites will carry the larger ISO
images, but they will at least be available from:

ftp://ftp.FreeBSD.org
ftp://ftp2.FreeBSD.org
ftp://ftp.dk.FreeBSD.org
ftp://ftp.ru.FreeBSD.org
ftp://ftp.tw.FreeBSD.org
ftp://ftp10.tw.FreeBSD.org

If you can’t afford FreeBSD on media, are impatient, or just want to
use it for evangelism purposes, then by all means download the ISO
images, otherwise please continue to support the FreeBSD Project by
purchasing media from one of our supporting vendors. The following
companies will be offering FreeBSD 4.6.2 based products:

FreeBSD Mall, Inc. http://www.freebsdmall.com/
FreeBSD Services Ltd. http://www.freebsd-services.com/

FreeBSD is also available via anonymous FTP from mirror sites in the
following countries: Argentina, Australia, Brazil, Bulgaria, Canada,
China, Czech Republic, Denmark, Estonia, Finland, France, Germany,
Hong Kong, Hungary, Iceland, Ireland, Israel, Japan, Korea, Lithuania,
the Netherlands, New Zealand, Poland, Portugal, Romania, Russia, Saudi
Arabia, South Africa, Slovak Republic, Slovenia, Spain, Sweden,
Taiwan, Thailand, Ukraine, and the United Kingdom.

Before trying the central FTP site, please check your regional
mirror(s) first by going to:

ftp://ftp..FreeBSD.org/pub/FreeBSD

Any additional mirror sites will be labeled ftp2, ftp3 and so on.

More information about FreeBSD mirror sites can be found at:

http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html

For instructions on installing FreeBSD, please see Chapter 2 of The
FreeBSD Handbook. It provides a complete installation walk-through for
users new to FreeBSD, and can be found online at:

http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/install.html

Acknowledgments
– —————

Many companies donated equipment, network access, or man-hours to
finance the release engineering activities for FreeBSD 4.6.2,
including Compaq, Yahoo!, Sentex Communications, NTT/Verio, and The
FreeBSD Mall.

In addition to myself, the release engineering team for 4.6.2-RELEASE
includes:

Bruce A. Mah Release Engineering, Documentation
Robert Watson Release Engineering, Security
John Baldwin Release Engineering
Brian Somers Release Engineering
Steve Price Package Building
Will Andrews Package Building
Kris Kennaway Package Building
Jacques A. Vidrine Security Officer

Enjoy![/quote]

G.O.B.I.E – Graphic OpenBSD Installation Engine

G.O.B.I.E. is een project dat het mogelijk moet maken om OpenBSD grafisch te kunnen instaleren. Dit project is gemaakt in de spirit van OpenBSD‚ dit betekent dat ze proberen de installatie zoveel mogelijk overeen te laten komen met de text install van OpenBSD.

G.O.B.I.E. wil graag waarde toevoegen aan het product door het maken van installatie modules voor bekende services zoals BIND‚ Sendmail en Apache.

Hier zijn een [url=http://www.gobie.net/screenshots.html]paar screenschots[/url] hoe G.O.B.I.E. eruit moet gaan zien.

Het blijft security patches regenen (net zoals buiten). Dit keer is het de beurt aan kqueu‚ nfs en ffs. Hiernaast is er een update van de security patch van openssl.
Hieronder de links naar de workarounds en de oplossingen:
[url=ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:37.kqueue.asc]kqueu[/url]
[url=ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc]nfs server[/url]
[url=ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:35.ffs.asc]ffs filesystem[/url]
[url=ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc]openssl[/url]