Issue 193
Published July 10, 2024

NetBSD advisory about regreSSHion and more.

Releases

No releases.

BSDSec

NetBSD Security Advisory 2024-002: OpenSSH CVE-2024-6387 `regreSSHion’: The sshd(8) LoginGraceTime option sets the maximum time that sshd(8) will wait before a new connection attempts to authenticate, to mitigate denial of service attacks. If set to zero, there is no maximum time. The option is implemented in sshd(8) by a SIGALRM handler. The SIGALRM handler logs a message with syslog_r(3), formatted to be safe for terminals with strnvis(3). Both of these library routines may call malloc(3), which is not async-signal-safe. If the SIGALRM is delivered while another part of sshd(8) is interrupted in during a malloc(3) call (or a related function such as calloc(3) or free(3)), this can corrupt malloc’s internal data structures, which can lead to remote code execution.

As always, it’s worth following BSDSec. RSS feed available.

News

DeadBSD n4 - Project-Trident: Project-Trident had a great deal of potential, but, it didn’t know what it wanted to be, and as such it lost momentum. A shame indeed and in this video we’ll take a look back at one of the last versions released.

BSD Now 566: Open Source Excellence: A Journey Through 31 Years of Open Source Excellence, Proxmox vs FreeBSD: Which Virtualization Host Performs Better?, Upstreaming FreeBSD Code to the Linux Vector Packet Processor Project, FreeBSD Tips and Tricks: Creating Snapshots With UFS, My Concern With Rust, or a Case for the BSD’s, and more.

DeadBSD n3 - LIVEstep - 2020: Live ISO based on FreeBSD/FuryBSD with GNUstep as it’s desktop. Picture it as the precursor to helloSystem which was also created by Probono. It’s a nice OS in it’s own right, and would be great to see picked up and developed further.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.