deadsimple BSD Security Advisories and Announcements

MidnightBSD 1.1 Release

I’m happy to announce the availability of MidnightBSD 1.1 for amd64 and i386.  This is a minor release to fix a few hardware and security issues that have come up since the 1.0 release.  It is strongly recommended that you upgrade, particularly if you have newer Intel hardware.

This release also includes a new version of OpenSSL.  This is a move from 1.0.1 to 1.0.2p in base. Many mports are built with a package and will likely not be affected. It is still recommended that you rebuild any mports using SSL or update the packages as appropriate. 

OpenSSH was also updated and removes support for older SSH v1 connections.  

A bug fix for ICMP underwrites is included. The icmp_error routine allocates either an mbuf or a cluster depending on the size of the data to be quoted in the ICMP reply, but the calculation failed to account for additional padding on 64-bit platforms when using a non-default sysctl value for net.inet.icmp.quotelen.
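For hosts that cannot be upgraded right away, the conditions named above (64-bit platform, non-default net.inet.icmp.quotelen) can be checked with a short script. This is an added example, not part of the release or the project's tooling; the default value of 8, the `amd64` string from `uname -m`, and a `uname -r` that begins with MAJOR.MINOR are assumptions to confirm on a known-good system.

```sh
#!/bin/sh
# Added triage example; not part of the MidnightBSD release or its tools.
# Assumption: the stock value of net.inet.icmp.quotelen is 8.
DEFAULT_QUOTELEN=8

# classify_icmp_quotelen ARCH QUOTELEN RELEASE
# Prints one verdict word:
#   fixed    release is 1.1 or later (includes the icmp_error fix)
#   unknown  release string or sysctl value could not be parsed
#   exposed  pre-1.1, 64-bit, and quotelen changed from the default
#   default  pre-1.1, but the two conditions are not both met
classify_icmp_quotelen() {
    arch=$1 quotelen=$2 release=$3
    # Assumption: release looks like "1.0" or "1.1-RELEASE".
    case "$release" in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return ;;
    esac
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[!0-9]*}
    case "$major:$minor" in
        *[!0-9:]*|:*|*:) echo unknown; return ;;
    esac
    if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 1 ]; }; then
        echo fixed; return
    fi
    # A missing or non-numeric sysctl value cannot be judged.
    case "$quotelen" in
        ''|*[!0-9]*) echo unknown; return ;;
    esac
    # Assumption: `uname -m` reports amd64 on the 64-bit port.
    if [ "$arch" = "amd64" ] && [ "$quotelen" -ne "$DEFAULT_QUOTELEN" ]; then
        echo exposed
    else
        echo default
    fi
}

# Gather the three inputs from the running system.
check_host() {
    classify_icmp_quotelen "$(uname -m)" \
        "$(sysctl -n net.inet.icmp.quotelen 2>/dev/null)" "$(uname -r)"
}

# Query the local host only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then check_host; fi
```

A verdict of `exposed` means the host should be upgraded to 1.1; it is a configuration match, not proof that anything has gone wrong on that machine.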

Perl 5.28.0 fixes a number of security issues present in the older 5.26 version included with 1.0.  

3rd party software

- ACPICA 20170728
- Perl 5.28.0
- mksh R56c
- OpenSSH 7.5p1
- OpenSSL 1.0.2p

Add the ability to disable TRIM on specific controllers or drives that have bugs. This includes some ASMedia controllers used on AMD hardware.

Several bugs with Intel em(4) and igb(4) network card drivers have been fixed.

- OR in the DMA coalescing Rx threshold so the other bits set in E1000_DMACR remain intact as intended in igb_init_dmac(). [1]
- Fix igb corrupting checksums with BPF and VLAN

Fix MSI-X to properly fail allocations when full. The off-by-one errors in 332735 weren't actual errors and were preventing the last MSI interrupt source from being used.

Mport Package Manager

Introduced a new setting to choose the mirror region you wish to use. Currently, we have two mirrors: the main site in Ypsilanti, MI, and another in Japan.

    mport config get mirror_region
    mport config set mirror_region jp

Known Issues

There is a known issue with scp in OpenSSH.  While this version does not fix the issue, it is new enough that we expect to be able to release a patch for it soon.  We chose to release anyway due to issues with OpenSSL and Perl. 

Several issues were reported with the 1.0 release and the LiveCD functionality. These have not been corrected yet. We recommend installing MidnightBSD in a virtual machine to try it out before committing to dedicated hardware with it.

At the time of release, several packages are still getting updated in mports. Initial package availability will be limited, but we expect better support going forward.

mports/devel/p5-version must be updated in order to work with the system perl. 

Lucas Holt

Midnightbsd-security mailing list