Issue 171
Published December 20, 2023

Minor MidnightBSD release and more. Have a good one!


MidnightBSD 3.1.2: MidnightBSD 3.1.2 includes a security update for pf and a new version of mport package manager. Note: There is a bug in mport package manager in this release and mport upgrade is not working properly. You can still update packages with mport update individually. They are working on a fix that will be included in a future release.


OpenBSD Errata: December 14, 2023 (xserver): Errata patches for X server have been released for OpenBSD 7.4 and 7.3. Binary updates for the amd64, arm64 and i386 platform are available via the syspatch utility.

FreeBSD Security Advisory FreeBSD-SA-23:18.nfsclient: When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to data previously stored in mbufs, which are used for network transmission and reception, and for certain types of inter-process communication. The bug can also be triggered unintentionally by system applications, in which case the data written by the application to an NFS mount may be corrupted. Corrupted data is written over the network to the NFS server, and thus also susceptible to being snooped by other hosts on the network. Note that the bug exists only in the NFS client; the version and implementation of the server has no effect on whether a given system is affected by the problem.

OpenBSD Errata: December 10, 2023 (vmm, pf): Errata patches for vmm have been released for OpenBSD 7.4 and 7.3. Errata patch for pf has been released for OpenBSD 7.4. Binary updates for the amd64, arm64 and i386 platform are available via the syspatch utility.

As always, it’s worth following BSDSec. RSS feed and Twitter account available.


Valuable News – 2023/12/18: The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems.

2024 FreeBSD Community Survey is Here: The FreeBSD Core Team and the FreeBSD Foundation invite you to complete the 2024 FreeBSD Community Survey. The purpose of this survey is to collect quantitative data from the public in order to help guide the Project’s priorities and efforts.

Security, Performance, and Interoperability; Introducing FreeBSD 14: The FreeBSD community is proud to herald the release of FreeBSD 14. FreeBSD 14 represents the 82nd release in the history of one of the world’s first open source projects, and contains over two and a half years of development work since the launch of the previous release. In this blog, we’ll take a look at these key themes to outline what’s new in FreeBSD 14, and more importantly, why it matters.

BSD Now 537: OpenZFS Storage Best Practices and Use Cases pt 2, MNT Reform – almost a year on, Why do I know shell, and how can you, Authenticate the SSH servers you are connecting to, dsynth in DragonFly, Navigating around in shell, and more.


OpenZFS Storage Best Practices and Use Cases – Part 3: Databases and VMs: In the conclusion of our ZFS Best Practices series they’re covering two of the trickiest use cases, databases and virtual machine hosting.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.