Issue 36
Published September 9, 2020

Still running FreeBSD 11.3? Time to upgrade as it reaches EOL. We also take a look at the rest of BSD world with latest SAs, releases, news and tutorials.

FreeBSD 11.3 end-of-life

As of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 11.3 are strongly encouraged to upgrade to a newer release as soon as possible.

The currently supported branches and releases and their expected end-of-life dates are:

Branch Release Release Date Estimated EoL
stable/12 N/A N/A June 30, 2024
releng/12.1 12.1-RELEASE November 4, 2019 12.2-RELEASE + 3 months
stable/11 N/A N/A September 30, 2021
releng/11.4 11.4-RELEASE June 16, 2020 stable/11 end-of-life

Releases

OPNsense 20.7.2 Released: While team is still looking closer at netmap/iflib performance on 12.1, they are rolling out a kernel with Intel em/igb updates that should avoid bad packet counts in the default installation. Syslog-ng received a workaround for the diagnosed startup issue and alias now supports MAC address content similar to how host content works.

MidnightBSD 1.2.8: There was a security issue in dhclient. They've created new ISOs for 1.2.8 for those installing from scratch. If you are on 1.2.7, you can simply update the source from git for stable/1.2 branch and rebuild dhclient.

BSDSec

5 new FreeBSD Security Announcements and Errata notices: There have been 5 new Security Announcements and Errata notices for FreeBSD. They concern linuxthread, ipv6, sctp, getfsstat and dhclient.

Following FreeBSD, there are multiple advisories affecting MidnightBSD 1.2.x and current.

OpenBSD Errata: September 5th, 2020 (amdgpu): Errata patches for the kernel have been released for OpenBSD 6.6 and 6.7. A buffer overflow was discovered in an amdgpu ioctl. Binary updates for the amd64 and arm64 platforms are available via the syspatch utility. As these affect the kernel, a reboot will be needed after patching.

As always, it's worth following BSDSec. RSS feed and Twitter account available.

News

CVE-2020-7460: FreeBSD Kernel Privilege Escalation: In August, an update to FreeBSD was released to address a time-of-check to time-of-use (TOCTOU) bug that could be exploited by an unprivileged malicious userspace program for privilege escalation. This vulnerability was reported to the ZDI program by a researcher who goes by the name m00nbsd. He has graciously provided this write-up and proof-of-concept code detailing ZDI-20-949/CVE-2020-7460.

If you’ve got a newer i219 ethernet chipset – it’s now supported in DragonFly.

The FreeBSD Foundation is pleased to announce that Kevin Bowling and Andrew Wafaa have joined the Board of Directors.

bhyve: The FreeBSD Hypervisor: bhyve was originally designed and implemented by Neel Natu, and a small team at NetApp grew the functionality over time. This project was eventually shelved, but the code was open sourced and contributed to FreeBSD in May of 2011. After that, it has seen continuous development ever since.

Tutorials

What FreeBSD can offer you that other operating systems does not? This post is not here to convince you to use or try FreeBSD – this you will have to do by yourself. This article will show you why FreeBSD is valuable or better alternative to other operating systems and is definitely not dying.

Find which package provides a given file in OpenBSD: There is one very hand package on OpenBSD and it’s pkglocatedb which provides the command pkglocate. If you need to find a file or binary/program and you don’t know which package contains it, use pkglocate.

More

As always, there are more sources of BSD goodness. Latest BSD Now talks about OpenZFS with ZSTD lands in FreeBSD 13, LibreSSL doc status update, FreeBSD on SPARC64 (is dead), Bringing zpool checkpoints to a FreeBSD bootloader, and more.

The Valuable News weekly series is dedicated to providing summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. The latest is from 2020-09-07.

In Other BSDs for 2020/09/05 is out, too.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay home and stay safe!