Issue 204
Published September 25, 2024

FreeBSD 13.4 release, FreeBSD 14.0 end-of-life and more.

Releases

FreeBSD 13.4-RELEASE: The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 13.4-RELEASE. This is the fifth release of the stable/13 branch. Since this release is occurring late in a legacy stable branch, there are few new features; rather, the focus is primarily on maintenance. As such, changes since 13.3-RELEASE consist mostly of bug fixes, driver updates, and new versions of externally-maintained software.

BSDSec

FreeBSD Security Advisory FreeBSD-SA-24:16.libnv: It is possible for an attacker to overwrite portions of memory (in userland or the kernel) as the allocated buffer might be smaller than the data received from a malicious process. This vulnerability could result in privilege escalation or cause a system panic.

FreeBSD Security Advisory FreeBSD-SA-24:15.bhyve: A malicious, privileged software running in a guest VM can exploit the vulnerability to crash the hypervisor process or potentially achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.

FreeBSD Errata Notice FreeBSD-EN-24:16.pf: Patches for a previous security advisory, FreeBSD-SA-24:05, were incomplete and introduced some overly strict pf state tracking for ICMPv6 packets.

OpenBSD Errata: September 17, 2024 (expat nfs readdir elf): Errata patches for libexpat and kernel have been released for OpenBSD 7.5 and 7.4. Binary updates for the amd64, arm64 and i386 platform are available via the syspatch utility.

As always, it’s worth following BSDSec. RSS feed and Twitter account available.

News

FreeBSD 14.0 end-of-life: As of October 1st, 2024, FreeBSD 14.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 14.0 are strongly encouraged to upgrade to a newer release as soon as possible.

BSD Now 577: Multi-Threaded LZ4: New Host Introduction, From Bridging to Routing With FreeBSD, Sovereign Tech Fund to Invest €686,400 in FreeBSD Infrastructure Modernization, The Dying Computer Museum, In practice, abstractions hide their underlying details, LZ4 Compression Algorithm Gets Multi-Threaded Update, Using Windows or Linux on FreeBSD’s vm-bhyve, and more.

OpenBSD -current has moved to version 7.6: For those unfamiliar with the process: this is not the 7.6 release, but is part of the standard build-up to the release.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.