Open Source BSD-Related CERT Announcements
Michael Lucas
Note: This list does not include all of the various CERT announces related to Sendmail versions shipped with any BSD. For those, you need to be tracking a recent Sendmail version.
The short answer to patching security holes is: upgrade to the latest stable or release version of your BSD.
In addition to the CERT advisories, each BSD issues its own security advisories. These security advisories include issues for which no CERT advisory is released. You can find project-specific advisories at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/
http://www.netbsd.org/Security/advisory.html
http://www.openbsd.org/security.html
CERT Advisories CA-95:14.Telnetd_Environment_Vulnerability
FreeBSD: upgrade to 2.1.7-stable
NetBSD: upgrade to 1.1
CA-96.08.pcnfsd
FreeBSD: upgrade pcnfsd, or apply patch
ftp://ftp.FreeBSD.ORG/pub/FreeBSD/FreeBSD-current/ports/net/ \
pcnfsd/patches/patch
-ad
CA-96.12.suidperl_vul
FreeBSD: see fixes available at:
ftp://freebsd.org/pub/CERT/patches/SA-96:12/
CA-96.14.rdist_vul
FreeBSD: upgrade to 2.1-stable or 2.2-stable
CA-97.04.talkd
FreeBSD: ftp://freebsd.org/pub/CERT/patches/SA-96:21
CA-97.06.rlogin-term
FreeBSD: upgrade to 2.1-stable, or apply patch given in CA-97.06.rlogin-term
NetBSD: upgrade to 1.2
CA-97.11.libXt
All: upgrade to X11R6.3 or better
CA-97.13.xlock
All: upgrade to xlockmore 4.02 or better
CA-97.14.metamail
All: upgrade to latest metamail
CA-97.16.ftpd
FreeBSD: upgrade to 2.2-stable or greater
NetBSD: versions earlier than June 1997 vulnerable, patch available at:
ftp://ftp.netbsd.org/pub/NetBSD/misc/security/19970123-ftpd
OpenBSD: version 2.0 vulnerable, upgrade to 2.1 or better
CA-97.19.bsdlp
FreeBSD: upgrade to 2.1-stable or 2.2.-stable
CA-97.23.rdist
FreeBSD: 2.1.0 is vulnerable, upgrade to 2.1-stable or better
CA-97.27.FTP_bounce
FreeBSD: upgrade to 2.2.0 or better NetBSD: no patches available for 1.2.1 or prior, but NetBSD ftpd at:
ftp.netbsd.org:/pub/NetBSD/NetBSD-current/src/libexec/ftp
should work on a vulnerable NetBSD machine
CA-98.01.smurf
All: set sysctl MIB net.inet.icmp.bmcastecho to 0.
CA-98.05.bind_problems
All: upgrade to latest BIND
CA-98.10.mime_buffer_overflows
All: upgrade to latest mutt or pine
CA-98.13.tcp-denial-of-service
FreeBSD: upgrade to 2.2.8 or better
OpenBSD: for 2.3, see: www.openbsd.org/errata23.html#tcpfix
for 2.4, see: www.openbsd.org/errata.html#tcpfix |