Issue 153
Published July 05, 2023

Bunch of NetBSD advisories, so get ready, plus more.

Releases

No releases.

BSDSec

NetBSD Security Advisory 2023-006: KDC-spoofing in pam_krb5: Workarounds are described in the article.

NetBSD Security Advisory 2023-005: su(1) bypass via pam_ksu(8): Workaround is to disable pam_ksu(8) or installed fixed versions.

NetBSD Security Advisory 2023-004: procfs environ exposure: This can expose secrets, since the process environment is often used to hold things like secret access keys. Workaround: Avoid mounting procfs. If you need to mount procfs, update the kernel to a fixed version and reboot.

NetBSD Security Advisory 2023-003: Structure padding memory disclosures: Many system calls can disclose kernel memory due to structure padding. There are pre-built binaries for all architectures and NetBSD versions.

NetBSD Security Advisory 2023-002: Various compatibility syscall memory access issues: Update the kernel to a fixed version and reboot to fix those issues.

NetBSD Security Advisory 2023-001: Multiple buffer overflows in USB drivers: To fix this issue, update the kernel to a fixed version and reboot.

As always, it’s worth following BSDSec. RSS feed and Twitter account available.

News

Valuable News – 2023/07/03: The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems.

HardenedBSD June 2023 Status Report: The main message is that the development and build infrastructure is back online.

BSD Now 513: New Host Interview: New show host, Understanding ZFS vdev Types, Don’t abuse su for dropping user privileges, Dynamic Tracing on OpenBSD 7.3, new Libressl, Manual Jails on FreeBSD 12, and more.

Announcing the pkgsrc-2023Q2 branch: The pkgsrc developers have announced the 79th quarterly release of pkgsrc, the cross-platform packaging system. pkgsrc contains over 27,000 packages, with varying support across 23 distinct operating systems. Since the pkgsrc-2023Q1 release, 287 packages were added, 55 removed, and 2763 updates (to 1918 distinct packages) were processed. These included 11 Go, 128 Perl, 610 Python, 226 Ruby, and 414 TeX package updates.

Tutorials

NFSv4 Server Inside FreeBSD VNET Jail: Article provides a step-by-step guide on how to create a VNET jail, install the necessary packages, configure the NFS server, and test the setup.

Ad Blocking with pfSense Software: The article explains how to use pfSense, a free and open source firewall and router, to block ads on your network. It also compares different methods of ad blocking and their advantages and disadvantages.

FreeBSD – Linux and FreeBSD Firewalls – Part 2: In the first article of this series, they covered the major differences between two types of firewalls platforms - either Linux or FreeBSD based and what the options are. In the second part, they go a bit deeper and discuss how egress filtering is done, and how tables and sets are built.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.