security scripts diff
Dear colleagues, looking at regular security mails I found that the following patch would greatly decrease the amount of false positive reports; it's totally possible I'm missing some vital areas, but my current look at security scripts did not reveal any. What do you think? Thank you in advance. marck@woozle:/lh/src.current/etc/periodic/security> cvs -R diff...

PHK's MD5 might not be slow enough anymore
See your copy of /usr/src/lib/libcrypt/crypt-md5.c: /* * and now, just to make sure things don't run too fast * On a 60 Mhz Pentium this takes 34 msec, so you would * need 30 seconds to build a 1000 entry dictionary... */ for(i = 0; i < 1000; i++) {...

pf rules
hi all... doing testing with pf... how is it possible that if i have these rules below in pf.conf if i do: telnet that.host.org 25 i get: Trying xx.xx.xx.xx... Connected to that.host.org. Escape character is '^]'. ........... etc ....... pf.conf contents: tcp_in = "{ www, https }" ftp_in = "{ ftp }"...

[Fwd: OpenSSL 1.0.0 beta5 release]
All: Per Daniele Sluijters's inquiry on the 15th, CVE-2009-4355, as well as with a provision/draft fix for CVE-2009-3555 MITM/Renegotiation Vulnerability. I suspect we won't have a patch out for RELENG_6_3 by the 31st? But I'm willing to maintain one for another few months. ~BAS -------- Forwarded Message --------...

sendmail 8.14.4
I'm seeing this in the release notes for the latest release of sendmail, plus a customer's PCI scan is reporting this as a problem. I know many of these scans tend to do version string checks and don't actually check if the problem is possible to exploit, but I just wanted your thoughts on if this is something the security team feels it needs to deal with...

CVE-2009-4355 / openssl memory leak in SSLv3 (DoS)
Yesterday most major Linux distributions pushed an update to their servers with a patched version of openssl concerning CVE-2009-4355. However, I have until now been unable to find anything on the subject (no SA or anything on VuXML) as to how this bug affects FreeBSD and if there's a patch on its way to the upstream ports-tree....

OpenSSL marked deprecated?
Why is the OpenSSL port marked deprecated? No security issue, but the port builds... no fallback to a safe alternative, no known fix? Does the security team know? ===> Cleaning for openssl-0.9.8l_1 ===> openssl-0.9.8l_1 is marked as broken: coredumps on i386 and amd64. *** Error code 1 Maybe someone should explain this in a way we can understand? The port...

TLS renegotiation fix approved
The IESG today approved the publication of the fix for the SSL/TLS renegotiation protocol bug as a Proposed Standard. We should expect to see updates from all the major security libraries (OpenSSL, GnuTLS, and NSS) fairly quickly as the developers have all been involved in the process and have already implemented the draft version of the fix....

FreeBSD Security Advisory FreeBSD-SA-10:03.zfs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FreeBSD-SA-10:03.zfs Security Advisory The FreeBSD Project Topic: ZFS ZIL playback with insecure permissions...