OPNsense 18.7.7 released

submitted 09 November 2018

Today we are addressing CVE-2018-18958 regarding an unenforced "deny config write" privilege. The issue was reported by brainrecursion this Monday and subsequently fixed along with several related issues. The affected combinations are the "deny config write" privilege coupled with admin or user and group manager rights. It is an uncommon way to configure access, as the "deny config write" privilege is commonly used for role-based access to non-system services, e.g. captive portals.

As we cannot be sure that no further issues of this sort exist, please refrain from using the "deny config write" privilege or at least stop giving access to system services or full admin rights to these users or groups. In the midterm we will be looking to replace the current privilege with something that is more generic and robust in enforcement.

Additionally, the update to Suricata 4.0.6 addresses the SMTP crash vulnerability CVE-2018-18956. Since the update does not reboot without an operating system update, please manually restart the intrusion detection service.


23 April 2024
NetBSD 9.4 available  

It represents a selected subset of fixes deemed important for security or stability reasons since the release of NetBSD 9.3 in August 2022, as well as some enhancements backported from the development branch. It is fully compatible with NetBSD 9.0. Users running 9.3 or an earlier release are strongly recommended to upgrade.

FreeBSD: installing and using Haskell  

YouTube video tutorial showing how to install Haskell, set up Vim to use the Haskell Language Server and, finally, write a simple program, compile it and run it.

Valuable News – 2024/04/22  

The Valuable News weekly series is dedicated to providing a summary of news, articles and other interesting stuff mostly but not always related to UNIX/BSD/Linux systems.

20 April 2024
FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support Cybersecurity Compliance  

The SSDF is a key resource for entities working with the US Government, facilitating compliance with NIST SP 800-218 Section 4e as recommended by the United States Cybersecurity and Infrastructure Security Agency (CISA) in consultation with the General Services Administration (GSA) and the Office of Management and Budget (OMB). This initiative aligns with the goals of Executive Order 14028, issued by the Biden Administration in May of 2021, and Memorandum M-22-18, issued in September of 2022, aimed at enhancing national cybersecurity.

19 April 2024
BSD Now 555: Poudriereing Apple Silicon  

Kubernetes and back - Why I don't run distributed systems, NetApp’s strategic contributions to FreeBSD: a deep dive into upstreaming efforts, Make your own E-Mail server - Part 2 - Adding Webmail and More with Nextcloud, Poudriere on Apple Silicon, One less Un*xy option for 32-bit PowerPC, and more.

In OpenBSD -current, default write format for tar(1) has changed  

A series of commits by Jeremie Courreges-Anglas (jca@) has modified tar(1) such that its default write format (for archives) is that of pax(1).

17 April 2024
iXsystems: No one is being ‘marooned’ by Debian focus  

Continuation of news regarding iX focusing more on Linux and less on BSD, addressing some of the concerns of BSD users.

Valuable News – 2024/04/15  

The Valuable News weekly series is dedicated to providing a summary of news, articles and other interesting stuff mostly but not always related to UNIX/BSD/Linux systems.

13 April 2024
BSDCan 2024 Travel Grant Application Now Open  

The Travel Grant Application for BSDCan 2024 is now open. The FreeBSD Foundation can help you attend BSDCan through our travel grant program. Travel grants are available to FreeBSD developers and advocates who need assistance with travel expenses for attending conferences related to FreeBSD development.

BSD Now 554: NetBSD Double Digit  

The XZ Backdoor, NetBSD 10.0, iX announces that they will put out a release of TrueNAS 13.3, State of the Terminal, LibreSSL 3.8.4 and 3.9.1 released and more.
