Issue 162
Published October 11, 2023

Bunch of FreeBSD Security advisories and more.

Releases

No releases.

BSDSec

FreeBSD Security Advisory FreeBSD-SA-23:14.smccc: To mitigate speculative execution side channel attacks on some AArch64 hardware the kernel can call into the boot firmware using the Secure Monitor Call Calling Convention (SMCCC) mechanism. To decide if the kernel needs to use the SMCCC mitigation on a given CPU it can query the firmware if the SMCCC workaround is present. On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized.

FreeBSD Security Advisory FreeBSD-SA-23:13.capsicum: A sandboxed process with only read or write but no seek capability on a file descriptor may be able to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.

FreeBSD Security Advisory FreeBSD-SA-23:12.msdosfs: In certain cases using the truncate or ftruncate system call to extend a file size populates the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. A user with write access to files on a msdosfs file system may be able to read unintended data (for example, from a previously deleted file).

FreeBSD Errata Notice FreeBSD-EN-23:12.freebsd-update: freebsd-update was unable to handle the case where a file in the “old” version changed to a directory in the “new” version. This case occurs with upgrades to FreeBSD 14.0, as /usr/include/c++/v1/__string exists as a file in 12.4 and 13.2, and as a directory in FreeBSD 14.0.

FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED]: freebsd-update incorrectly deleted files in /etc/ in the event the file to be updated matched the new release and was different than the old release. This has not been an issue previously because the $FreeBSD$ tag expansion from subversion virtually guaranteed the existing file was going to be different from the new release. With the conversion to git in the 13.x releases, $FreeBSD$ is no longer expanded, making it much more likely that a file would find this issue.

As always, it’s worth following BSDSec. RSS feed and Twitter account available.

News

Valuable News – 2023/10/09: The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems.

BSD Now 527: Reports are in: Unlocking Infrastructure Sovereignty, first meeting of the FreeBSD Enterprise Working Group, HardenedBSD August 2023 Status Report, GhostBSD August 2023 donation report, MidnightBSD 3.1 Released, OpenBSD Webzine ISSUE 14, and more.

Introducing Students to FreeBSD: One of the Foundation’s goals for 2023-2024 is to increase the adoption and visibility of FreeBSD. This is a pretty broad and lofty goal, so they’ve broken this down into a few key markets/audiences they plan to target. One group they’ve identified is college students. Introducing FreeBSD to people early on in their education paths will help prepare them for jobs in systems programming, and provide marketable skills for many opportunities going forward. Plus, the Project benefits by having more people contributing to FreeBSD.

New to FreeBSD? Here’s Where to Connect with the Community: The FreeBSD Project is always excited for new users and contributors! The easiest way to get involved is through the community itself: mailing lists, social media, and local meetups. These spaces are filled with FreeBSD users, developers, and enthusiasts who are excited to help new users. They’re great places to discuss FreeBSD, meet community members, and ask questions about the operating system.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.