Statement on backdoor in xz library
Recently, a backdoor was discovered in the xz compression library. XZ/liblzma are included as part of NetBSD and used by the project for distribution of new releases and packages.
The version of xz shipped in all stable (and unstable) versions of NetBSD predates any code changes by the author of the backdoor. NetBSD is therefore safe and unaffected by the recent discoveries.
Network Security Audit
Security audit of NetBSD's network stack
Recent Security Affairs
An update on the recent security affairs and how they are, or were, handled on NetBSD.
The strongest KASLR, ever?
Latest developments in the Kernel ASLR district.
Kernel ASLR on amd64
Recently, I completed a Kernel ASLR implementation for NetBSD-amd64, making NetBSD the first BSD system to support such a feature. Simply said, KASLR is a feature that randomizes the location of the kernel in memory, making it harder to exploit several classes of vulnerabilities, both locally (privilege escalations) and remotely (remote code executions).
New Security Advisories: NetBSD-SA2011-002 OpenSSL TLS race condition and NetBSD-SA2011-003 kernel memory exhaustion
Two new NetBSD Security Advisories have been published affecting OpenSSL and the kernel.
New Security Advisories: NetBSD-SA2010-012 OpenSSL TLS race condition and NetBSD-SA2010-013 UDP6 Option Local DoS
Two new security advisories were published:
- NetBSD-SA2010-012 OpenSSL TLS extension parsing race condition.
- NetBSD-SA2010-013 UDP6 Option Parsing local Denial of Service
You can find more information about them on the Security and NetBSD page.
New Security Advisory: NetBSD-SA2010-008 sftp(1)/ftp(1)/glob(3) related resource exhaustion
A new NetBSD security advisory has been published affecting the glob library and the SSH (sftp) and FTP daemons.
New Security Advisory: NetBSD-SA2010-007 Integer overflow in libbz2 decompression code
A new NetBSD security advisory has been published affecting the bzip2(1) program, the libbz2 library and the rescue system.
New Security Advisory: NetBSD-SA2010-003 azalia(4)/hdaudio(4) negative mixer index panic
A new NetBSD security advisory has been published affecting the azalia(4) and hdaudio(4) drivers.
New package security checks
The pkgsrc tools have had, for a long time, the ability to validate the installed packages against a database of known vulnerabilities. We have encouraged administrators to add the proper commands to their crontabs to refresh the database and to run the package auditing command. But the package tools are shipped with the system, and we ship a crontab for root, so we could do better than that, couldn't we?
As of now, the /etc/daily script, which is part of the default root crontab, will refresh the vulnerabilities database. And the /etc/security script, executed by /etc/daily, will run the vulnerability and integrity checks provided by pkg_admin. The result is that you will get all the package auditing checks out of the box as soon as you start installing packages on a NetBSD system!
All of these settings are, of course, tunable through /etc/daily.conf and /etc/security.conf, and they will only run if they detect any installed packages.
New Security Advisories: NetBSD-SA2010-001 (Module autoloading) and NetBSD-SA2010-002 (OpenSSL)
Two new security advisories have been released, affecting the NetBSD kernel file system module autoloader and OpenSSL.