FreeBSD Security Advisories and Errata Noticies

submited 07 April 2021

  • FreeBSD Errata Notice - pf(4) may fail to load filtering rules if they cause the default requestmaxcount bound to be exceeded. Users that relied on loader.conf to increase the requestmaxcount value could see their rules fail to load.
  • FreeBSD Errata Notice FreeBSD-EN-21:10.lldb - Attempts to use lldb's print command (p alias) resulted in lldb aborting. Some common debugger functionality cannot be used.
  • FreeBSD Security Advisory FreeBSD-SA-21:08.vm - A particular case of memory sharing is mishandled in the virtual memory system. It is possible and legal to establish a relationship where multiple descendant processes share a mapping which shadows memory of an ancestor process. In this scenario, when one process modifies memory through such a mapping, the copy-on-write logic fails to invalidate other mappings of the source page. These stale mappings may remain even after the mapped pages have been reused for another purpose.
  • FreeBSD Security Advisory FreeBSD-SA-21:09.accept_filter - An unprivileged process can configure an accept filter on a listening socket.
  • FreeBSD Security Advisory FreeBSD-SA-21:10.jail_mount - Due to a race condition between lookup of ".." and remounting a filesystem, a process running inside a jail might access filesystem hierarchy outside of jail.
The BSD community linklog
Made a script? Written a blog post? Found a useful tutorial? Share it with the BSD community here or just enjoy what everyone else has found!


20 April 2021
Valuable News – 2021/04/19  

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems.

19 April 2021
Distrowacth reviews helloSystem 0.5.0  

Unfortunately the operating system's live media failed to boot on their test systems, systems which can run FreeBSD, and so they put it aside to try another project.

FreeBSD Desktop – Part 23 – Configuration – Herbe Notifications  

Very small and compact solution for notifications on X11 desktop – herbe – as its author describes it – its daemon-less notifications without D-Bus. Minimal and lightweight.

Enjoying DiscoverBSD? There is more...

Subscribe to BSD Weekly, our free, once–weekly e-mail round-up of BSD news and articles. It is currated from your content on DiscoverBSD and BSDSec (a deadsimple BSD Security Advisories and Announcements).

You can also support the work on Patreon.
18 April 2021
LibreSSL 3.3.2 Released  

This is the last development release for the 3.3.x branch before it is declared stable.

16 April 2021
How to Configure DNS over TLS (DoT) Using Unbound DNS in OPNsense  

Since Unbound DNS in OPNsense does not support DNS over HTTPS (DoH) directly, it was necessary to use the DNSCrypt-Proxy plugin. The plugin also supports DNS over TLS (DoT). However, Unbound gained native support for DoT at some point in time, which is very nice. Because of built-in support for DoT, the configuration of DNS over TLS becomes pretty trivial.

15 April 2021
FreeBSD iostat – A Quick Glance  

iostat provides a window into the i/o effort of the storage subsystem. You can use it to determine usage patterns, bottlenecks and poor behavior at a glance. It can produce data to support conclusions and suggest further avenues of investigation when used judiciously. In this article, we will dissect its output and introduce disk subsystem troubleshooting using statistical output from iostat.

OpenBSD Errata: April 13th, 2021 (xi)  

Errata patches for the X server have been released for OpenBSD 6.7 and 6.8. Input validation failures in X server XInput extension can lead to privileges elevations for authorized clients. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility.

load more