Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2006.0855 -- [NetBSD]
NetBSD 3.0.2 and 3.1 available - multiple security fixes
20 November 2006
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Operating System: NetBSD 3.1
NetBSD 3.0.2
Impact: Execute Arbitrary Code/Commands
Denial of Service
Reduced Security
Access: Remote/Unauthenticated
CVE Names: CVE-2006-4339 CVE-2006-4096 CVE-2006-4095
CVE-2006-3740 CVE-2006-3739 CVE-2006-3467
Ref: ESB-2006.0686
ESB-2006.0685
ESB-2006.0683
ESB-2006.0605
ESB-2006.0414
- --------------------------BEGIN INCLUDED TEXT--------------------
The NetBSD Project is pleased to announce that versions 3.0.2 and 3.1 of the
NetBSD operating system are now available in both source and binary form.
About NetBSD 3.0.2 and 3.1
- --------------------------
NetBSD 3.0.2 is the second security/critical update of the NetBSD 3.0
release branch. This represents a selected subset of fixes deemed critical
in nature for stability or security reasons.
NetBSD 3.1 includes the same fixes but also provides new features like
general bug fixes, new drivers and other enhancements.
Complete source and binaries for NetBSD 3.0.2 and 3.1 are available for
download at many sites around the world. A list of download sites providing
FTP, AnonCVS, SUP, and other services is provided at the end of this
announcement; the latest list of available download sites may also be found
at:
http://www.NetBSD.org/mirrors/
We encourage users who wish to install via a CD-ROM ISO image to download
via BitTorrent by using the torrent files supplied in the ISO image area.
BitTorrent has recently been added to the list of distribution mechanisms
and its use is strongly encouraged to help keep bandwidth available.
Major Changes Between 3.0.1 and 3.0.2
- -------------------------------------
The complete list of changes can be found in the CHANGES-3.0.2 file in the
top level directory of the NetBSD 3.0.2 release tree.
A summary list of changes is as follows:
Kernel
o Avoid a panic in page fault handling that could occur under
low-memory conditions.
Networking
o Changed the default sshd_config(5) to enable SSH version 2 only.
o Don't accept TCP connections to broadcast addresses.
File system
o Fixed race condition in NFS renaming that could cause the renamed
file to be deleted.
Libraries
o When a user is created, initialize the string of secondary groups to
avoid it containing garbage when none is added.
Security
o Fixed a buffer overflow in the in-kernel PPP code share by ISDN PPP
interfaces ippp(4) and pppoe(4) (SA2006-019).
o X11: fixed an integer overflow in FreeType (SA2006-020).
o Fixed a potential DoS attack with sendmail(8) (SA2006-017).
o Fixed a DoS vulnerability in BIND (SA2006-022).
o Fixed a RSA signature forgery in openssl(1) (SA2006-023).
o X11: fixed a vulnerability in Adobe Type 1 font handling
(SA2006-021).
o Fixed a number of DoS vulnerabilities in openssl(1) (SA in prepara-
tion, CVE entries: 2006-2937, 2940, 3738 and 4343).
o Fixed a number of DoS vulnerabilities in sshd(8) (SA in preparation,
CVE entries: 2006-4924 and 5051).
Miscellaneous
o Fixed cross-building from hosts using GCC 4.x.
amd64 specific
o Make sure that the system reboots after a panic instead of halting.
sparc specific
o Disabled threading in named(8) on sparc and sparc64 to avoid a crash.
mac68k specific
o sysinst now newfs'es and mounts the target filesystem(s).
Major Changes Between 3.0 and 3.1
- ---------------------------------
The complete list of changes can be found in the CHANGES-3.1 file in the top
level directory of the NetBSD 3.1 release tree.
A summary list of changes is as follows:
Supported devices
o brgphy(4): added support for BCM5714 and BCM5780 PHY's.
o Added iteide(4): driver for ITE 8212 IDE controller.
o Added SpeedStep support for the Pentium M 710, 730, 740, 750, 760 and
770 CPU's.
o Added support for nForce430 ATA133 and SATA controllers.
o pdcsata(4): Added support for Promise PDC2057x, PDC20771, PDC20775,
PDC40518 and PDC40718 SATA Controllers.
o ums(4): Added support for Apple's "Mighty Mouse", and USB mice with
more than 7 buttons
o agp(4): Added support for Intel i915 chipset integrated graphics.
o pchb(4): Added support for Intel i925X, i945G/P and i955X hardware
RNG's.
o Added ciss(4): driver for the Command Interface SCSI-3 Support
implemented by recent HP/Compaq Smart Array RAID controllers.
o Added nfe(4): driver for NVIDIA nForce MCP Ethernet.
o Added svwsata(4): driver for Serverworks K2, Frodo4, Frodo8 and
HT-1000 SATA controllers.
o sk(4): added support for the DLink DGE-530T and DGE-560T Gigabit
Ethernet adapters.
o bge(4): added support for BCM5714, BCM5715, BCM5780/HT-2000 and
BCM5752 chip variants.
o wi(4): added support for Siemens SS1021 WLAN.
o Added twa(4): driver for the 3ware Apache RAID controllers.
o viaide(4): added support for nForce3 250 SATA controllers.
o hptide(4): added support for HPT368 IDE controller.
Networking
o Enabled SSL support in BIND.
o A second dhclient(8) instance now exists gracefully instead of
leaving the system in a broken state.
o Removed the date from the dhclient(8) generated resolv.conf(5) file,
since changes to this file are tracked by /etc/security.
o Changed the default sshd_config(5) to enable SSH version 2 only.
o Don't accept TCP connections to broadcast addresses.
File system
o The stability of the LFS file system has been vastly improved.
o Added scan_ffs(8) from OpenBSD (modified to also support FFSv2 and
LFS), a utility to recover lost disklabels.
o Write performance of large files to msdos filesystems has been
improved.
o We now drop into single-user mode when /etc/rc.d/fsck is interrupted
by ^C at boot-time.
Libraries
o Password aging works again.
Security
o Fixed a denial of service vulnerability in sendmail when handling
malformed multipart MIME messages (SA2006-017).
o Fixed a buffer overflow in the in-kernel PPP code share by ISDN PPP
interfaces ippp(4) and pppoe(4) (SA2006-019).
o X11: fixed an integer overflow in FreeType (SA2006-020).
o Fixed a potential DoS attack with sendmail(8) (SA2006-017).
o Fixed a DoS vulnerability in BIND (SA2006-022).
o Fixed a RSA signature forgery in openssl(1) (SA2006-023).
o X11: fixed a vulnerability in Adobe Type 1 font handling
(SA2006-021).
o Fixed a number of DoS vulnerabilities in openssl(1) (SA in prepara-
tion, CVE entries: 2006-2937, 2940, 3738 and 4343).
o Fixed a number of DoS vulnerabilities in sshd(8) (SA in preparation,
CVE entries: 2006-4924 and 5051).
Miscellaneous
o Various RAIDframe bugfixes.
o Updated Postfix to 2.2.11.
o Updated BIND to 9.3.2.
o Added ex(1) to /rescue.
o Fixed some special case expansions in sh(1).
o Fixed cross-building from hosts using GCC 4.x.
o Many, many more additions, improvements and bug fixes.
alpha specific
o Support booting from FFSv2 filesystems.
amd64 specific
o Make sure that the system reboots after a panic instead of halting.
mac68k specific
o sysinst now newfs'es and mounts the target filesystem(s).
sparc specific
o Disabled threading in named(8) on sparc and sparc64 to avoid a crash.
xen specific
o Added Xen-3 domU support.
o Renamed XEN kernel config files to be more consistent: XEN2_DOM0,
XEN2_DOMU, XEN3_DOMU, INSTALL_XEN2_DOMU and INSTALL_XEN3_DOMU.
Please note that at the moment, sysinst will not assist you in installing
pre-built third-party binary packages or the pkgsrc system itself. See the
NetBSD packages collection documentation:
http://www.NetBSD.org/Documentation/software/packages.html
About NetBSD
- ------------
NetBSD is a general-purpose Open Source operating system that provides
interfaces for running a wide range of applications on a big number of
different hardware platforms, all from one source tree. Applications can
range from proprietary closed source applications to Open Source software,
covering desktop environments, database servers, firewalls, routers,
embedded appliances and many more, all made available easily through pkgsrc,
the NetBSD Packages Collection, which currently contains over 6.300
packages. Picking up its ancestry from the Berkeley Networking Release 2
(Net/2), 4.4BSD-lite and 4.4BSD-Lite2, the NetBSD project continues to
provide its application platform on a wide range of hardware platforms - not
only vintage hardware, but also modern desktop and server hardware with
Intel and AMD Opteron CPUs as well as embedded systems with MIPS, PowerPC,
Super-H, ARM and Xscale CPUs. More recently, NetBSD was also ported to
"virtual" hardware provided by the Xen machine monitor.
Today, NetBSD runs on 54 different system architectures featuring 17 machine
architectures across 17 distinct CPU families, all from a single source tree.
In addition, the system offers cross compiling for the kernel, userland and
the X Window system.
More information on the goals of the NetBSD Project can be procured from the
NetBSD web site at:
http://www.NetBSD.org/Goals/
NetBSD is free. All of the code is under non-restrictive licenses, and may
be used without paying royalties to anyone. Free support services are
available via our mailing lists and web site. Commercial support is
available from a variety of sources; some are listed at:
http://www.NetBSD.org/gallery/consultants.html
More extensive information on NetBSD is available from the NetBSD web site:
http://www.NetBSD.org/
NetBSD is the work of a diverse group of people spread around the world. The
`Net' in our name is a tribute to the Internet, which enables us to
communicate and share code, and without which the project would not exist.
Acknowledgments
- ---------------
The NetBSD Foundation would like to thank all those who have contributed
code, hardware, documentation, funds, colocation for our servers, web pages
and other documentation, release engineering, and other resources over the
years. More information on the people who make NetBSD happen is available
at:
http://www.NetBSD.org/People/
We would like to especially thank the University of California at Berkeley
and the GNU Project for particularly large subsets of code that we use. We
would also like to thank the Internet Software Consortium and the Helsinki
University of Technology for current colocation services.
About the NetBSD Foundation
- ---------------------------
The NetBSD Foundation was chartered in 1995, with the task of overseeing
core NetBSD project services, promoting the project within industry and the
open source community, and holding intellectual property rights on much of
the NetBSD code base. Day-to-day operations of the project are handled by
volunteers.
As a non-profit organisation with no commercial backing, The NetBSD
Foundation depends on donations from its users, and we would like to ask you
to consider making a donation to the NetBSD Foundation in support of
continuing production of our fine operating system.
Donations can be done via PayPal (paypal@NetBSD.org) and are fully tax-
deductible in the US. If you would prefer not to use PayPal, or would like
to make other arrangements, please contact <finance-exec@NetBSD.org>.
NetBSD mirror sites
- -------------------
Please use a mirror site close to you.
* FTP - http://www.NetBSD.org/mirrors/#ftp
* ISO images - http://www.NetBSD.org/mirrors/#iso
* Anonymous CVS - http://www.NetBSD.org/mirrors/#anoncvs
* BitTorrent - http://www.NetBSD.org/mirrors/#bittorrent
* SUP - http://www.NetBSD.org/mirrors/#sup
* CVSup - http://www.NetBSD.org/mirrors/#cvsup
* rsync - http://www.NetBSD.org/mirrors/#rsync
* AFS - http://www.NetBSD.org/mirrors/#afs
* NFS - http://www.NetBSD.org/mirrors/#nfs
Please also note our list of CD-ROM vendors.
http://www.NetBSD.org/Sites/cdroms.html
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRWEzlyh9+71yA2DNAQJKWQQAg6l1iSCxXoRRm/wkXOzDpxlNBy9YoF7w
uT8QLgMr93UKCP4nB14VPl4xjE6bhIXGGNCAdbcxhbAl5mOQN/Vt0kOqTmt84glT
X5wS0eu1+HCQZI0vAN/cypODyasF+lERoUiwJh1GsZlvT6DaabmQk+0cOzPHtClc
kRAkzYTlDkQ=
=NqdN
-----END PGP SIGNATURE-----