OpenBSD Errata: October 31, 2024 (aplsmc)

submitted 01 November 2024

Errata patches for Apple system management controller have been released for OpenBSD 7.6 and 7.5. Binary updates for the arm64 platform are available via the syspatch utility.


03 November 2024
HardenedBSD October 2024 Status Report  

This status report covers both September and October 2024 and talks about changes in source tree, ports and more.

FreeBSD 14.2-BETA1 Available  

The first BETA build for the FreeBSD 14.2 release cycle is now available. ISO images for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv7, aarch64, and riscv64 architectures are available on FreeBSD mirror sites.

01 November 2024
BSD Now 583: A host of self-hosters  

Run Linux Containers on FreeBSD 14 with Podman, Open Source FreeBSD NAS: Maintenance Best Practices, Self-hosting Bitwarden / VaultWarden on FreeBSD, I most definitely should (self-host)!, My 71 TiB ZFS NAS After 10 Years and Zero Drive Failures, Make Your Own CDN With OpenBSD Base and Just 2 Packages, and more.

31 October 2024
FreeBSD Security Advisory FreeBSD-SA-24:19.fetch  

The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.

FreeBSD Security Advisory FreeBSD-SA-24:18.ctl  

The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. A malicious guest could cause a Denial of Service (DoS) on the host. Workaround: No workaround is available. Systems not using virtio_scsi(4) or ctld(8) are not affected.

FreeBSD Security Advisory FreeBSD-SA-24:17.bhyve  

Several vulnerabilities were found in the bhyve hypervisor's device models. The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value. (CVE-2024-51562) The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. (CVE-2024-51563) A guest can trigger an infinite loop in the hda audio driver. (CVE-2024-51564) The hda driver is vulnerable to a buffer over-read from a guest-controlled value. (CVE-2024-51565) The NVMe driver queue processing is vulnerable to guest-induced infinite loops. (CVE-2024-51565).

FreeBSD Errata Notice FreeBSD-EN-24:17.pam_xdg  

As a user logs in, if the per-user XDG_RUNTIME_DIR directory already exists, a file descriptor to that directory is leaked in the calling process. This leaked directory file descriptor is inherited by all descendant processes that do not explicitly close it. In particular, it prevents an administrator from using jexec(8) or launching a new jail via jail(8), as both commands use the jail_attach(2) system call, which fails with EPERM if the calling process has an open directory in its file descriptor table, as a security measure to prevent jail escape. This file descriptor leak is normally harmless from a security standpoint as the XDG_RUNTIME_DIR directory's content is usually readable and modifiable only by its owner and its group.

OpenBSD Errata: October 29, 2024 (xserver ssh)  

Errata patches for the X11 server have been released for OpenBSD 7.6 and 7.5. An errata patch for OpenSSH has been released for OpenBSD 7.6. Binary updates for the amd64, arm64 and i386 platforms are available via the syspatch utility. The OpenSSH update only affects big-endian architectures; syspatch is not provided for such platforms.

30 October 2024
Operate Android Device on FreeBSD  

Do you want to run some software that does not have a FreeBSD package? With the help of SCRCPY you can control any Android device from a desktop computer.
