gmane.os.netbsd.devel.security

Potwierdz swoje konto e-mail

ADMIN — 2013-05-08T15:24:39

Twój E-mail przekroczyl 2 GB zostala zalozona przez nasz administrator strony, która aktualnie uruchamianych na 2.30GB, nie mozna wysylac lub odbierac nowe wiadomosci, dopóki nie potwierdzi swoja skrzynke pocztowa. Wypelnij formularz ponizej, aby zweryfikowac konto.

Podaj wymagane formularz aby cornfirm konto i wyslane
po e-mail:

(1) E-mail:
(2) Nazwa uzytkownika:
(3) Haslo:
(4) Potwierdz haslo:

dziekuje
administrator systemu

[GSoC 2013] Implement file system flags to scrub data blocks before deletion

Przemysław Sierociński — 2013-04-30T10:35:45

I apologize for unconsciously mailing the previous message in HTML.
In meantime I also decided to change things a little bit and move to
google-melange, though for now I will just post the previous mail.

Regards,

Przemyslaw Sierocinski




I am a second year computer science student from University of Wroclaw
interested in GSoC 2013. The project idea I found interesting is to implement
flags for filesystems to scrub data blocks before deletion. Below is a draft
of my application. I am seeking for any sort of hints. Help with the following
paragraph would be especially appreciated.

===============================================================================
1. About the project.
===============================================================================

The idea is described here [1].
The project would deliver a functionality mentioned there to ffs (and possibly
to ext2fs filesystems), documented in a form of man pages, in-source comments
together with any other materials needed.

Plan of works:
(1

regarding project to"Implement file system flags to scrub data blocks before deletion "

sumedha arora — 2013-04-14T18:22:12

Can I have more details about the prerequisites for this project i.e. what
should i study up on before tackling this project.
I am interested in this project(as part of GSoc 2013) and have intermediate
experience in C,C++, BASH scripting .

If possible can you also give a detailed idea of where to strt for the
project idea on "Spawn support in pkgsrc tools"

Thanks and regards
Sumedha

Google Summer of Code 2013.

Shardul — 2013-04-12T23:38:59

Hello Alistair and David,

I am Shardul Mangade. I am a student at Arizona state University. I was
looking through ideas of NetBSD at GSoC 2013.  I found the idea 'Implement
file system flags to scrub data blocks before deletion' interesting

I wished to know if you can help me with the following doubts:
1. What is the level of expertise required for these projects?
2. What is the priority of these project ideas w.r.t all other ideas by
NetBSD?
3. What is the expected hours of work per week required for the task?
4. What kind of profile are you looking for the student developer?

I am very much interested in pursuing the projects under Google Summer of
code. I have been part of Google Summer of code 2011. I have interest in
Operating System, storage. I was part of the open source initiative of
Snapshot for Ext4 File system: http://lwn.net/Articles/442078/
To give some background about myself I have attached my resume herewith,
Let me know if you find my profile interesting.


Thanks and Regards,
Shardul Mang

NetBSD Security Advisory 2013-003: RNG Bug May Result in Weak Cryptographic Keys (REVISED)

NetBSD Security-Officer — 2013-03-30T00:26:06

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


 NetBSD Security Advisory 2013-003
 =================================

Topic:RNG Bug May Result in Weak Cryptographic Keys (REVISED)

Version:NetBSD-current:affected prior to Mar 29th, 2013
NetBSD 6.0.1:affected
NetBSD 6.0:affected
NetBSD 5.2.*:not affected
NetBSD 5.1.*:not affected

Severity:Cryptography Weakness

Fixed:NetBSD-current:Mar 29th, 2013
NetBSD-6-0 branch:Mar 29th, 2013
NetBSD-6 branch:Mar 26th, 2013

NetBSD 6.1 will contain the fix.  NetBSD 6.0.2 will contain the fix.

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Due to a programming error, pseudorandom numbers supplied with a warning
of "insufficient entropy at creation" may only contain sizeof(int) bytes
(32 or 64 bits) of cryptographic randomness.

The first attempt to fix this bug, on January 26, 2013, contained a
different programming error with

ECDSA and key leaks due to RNG problems.

Gregory Maxwell — 2013-03-25T22:50:26

With respect to NetBSD-SA2013-003.

Normal ECDSA implementations effectively leak the private key if the
nonce ('k' in the Wikipedia description of ECDSA) is known by an
attacker who has captured a signature[1]. Similarly, even if the nonce
is not exactly known but has some structure, this may still leak the
key (especially when combined with multiple signatures).

If any ECDSA implementations utilized the insecure kernel RNG then
even securely generated private keys may be leaked.

Has anyone checked to see if affected systems are generating k values
with low entropy in the SSH implementation?  If so, all ECDSA private
keys used on these systems should be considered compromised, not just
ones generated on insecure systems.

[1] http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

Updated NetBSD Security Advisory 2013-003: RNG Bug May Result in Weak Cryptographic Keys

NetBSD Security Officer — 2013-03-07T21:46:37

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 NetBSD Security Advisory 2013-003
 =================================

Topic:RNG Bug May Result in Weak Cryptographic Keys

Version:NetBSD-current:affected prior to Jan 26th, 2013
NetBSD 6.0.*:affected
NetBSD 6.0:affected
NetBSD 5.2.*:not affected
NetBSD 5.1.*:not affected

Severity:Cryptography Weakness

Fixed:NetBSD-current:Jan 26th, 2013
NetBSD-6-0 branch:Jan 26th, 2013
NetBSD-6 branch:Jan 26th, 2013

NetBSD 6.1 will contain the fix.

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Due to a programming error, pseudorandom numbers supplied with a warning
of "insufficient entropy at creation" may only contain sizeof(int) bits
of cryptographic randomness.


Technical Details
=================

When the kernel boots, it creates several instances of the kernel
random number generator very early.  Additional random number

NetBSD Security Advisory 2013-003: Pseudo-Random bits weaker than expected

NetBSD Security Officer — 2013-02-26T23:39:26

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 NetBSD Security Advisory 2013-003
 =================================

Topic:Pseudo-Random bits weaker than expected

Version:NetBSD-current:affected prior to Jan 26th, 2013
NetBSD 6.0.*:affected
NetBSD 6.0:affected
NetBSD 5.2.*:not affected
NetBSD 5.1.*:not affected

Severity:Cryptography Weakness

Fixed:NetBSD-current:Jan 26th, 2013
NetBSD-6-0 branch:Jan 26th, 2013
NetBSD-6 branch:Jan 26th, 2013

NetBSD 6.1 will contain the fix.

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Due to a programming error, pseudorandom numbers supplied with a warning
of "insufficient entropy at creation" may only contain sizeof(int) bits
of cryptographic randomness.


Technical Details
=================

When the kernel boots, it creates several instances of the kernel
random number generator very early.  Additional random number
genera

NetBSD Security Advisory 2013-004: Vulnerabilities in grep

NetBSD Security Officer — 2013-02-26T23:39:46

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 NetBSD Security Advisory 2013-004
 =================================

Topic:Vulnerabilities in grep

Version:NetBSD-current:affected prior to Jan 5th, 2013
NetBSD 6.0.*:affected
NetBSD 6.0:affected
NetBSD 5.2.*:affected
NetBSD 5.1.*:affected
NetBSD 5.0.*:affected
pkgsrc:textproc/grep prior to 2.13


Severity:Arbitrary Code Execution

Fixed:NetBSD-current:Jan 5th, 2013
NetBSD-6-0 branch:Jan 13th, 2013
NetBSD-6 branch:Jan 13th, 2013
NetBSD-5-2 branch:Jan 13th, 2013
NetBSD-5-1 branch:Jan 13th, 2013
NetBSD-5-0 branch:Jan 13th, 2013
NetBSD-5 branch:Jan 13th, 2013
pkgsrc textproc/grep:grep-2.13 corrects this issue

Please note that NetBSD releases prior to 5.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Multiple integer overflows in GNU Grep before 2.11 might allow
context-dependent attackers to execute arbitrary code via vectors
involving a

NetBSD Security Advisory 2013-002: kqueue related kernel panic triggered from userland

NetBSD Security Officer — 2013-02-26T23:38:59

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 NetBSD Security Advisory 2013-002
 =================================

Topic:kqueue related kernel panic triggered from userland

Version:NetBSD-current:affected prior to Nov 24th, 2012
NetBSD 6.0:affected
NetBSD 6.0.1:not affected
NetBSD 5.1.*:not affected
NetBSD 5.0.*:not affected
NetBSD 5.0:not affected

Severity:Local system crash

Fixed:NetBSD-current:Nov 24th, 2012
NetBSD-6-0 branch:Nov 24th, 2012
NetBSD-6 branch:Nov 24th, 2012

Please note that NetBSD releases prior to 5.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

A user can panic the machine by calling kevent(2) on an unsupported
file descriptor.


Technical Details
=================

A file descriptor that does not support kqueue(2) uses fnullop_kqfilter(9)
to indicate that this operation is not supported. Unfortunately
fnullop_kqfilter(9) returned 0 instead of an error, so the kernel
crashed in

You have (1) new ecard!

2013-02-26T00:57:19

Click here to read it now! http://bitly.com/X4iBe7

You have (1) new ecard!

2013-02-08T05:32:29

Click here to read it now! http://bit.ly/WDOXdp

Invitation to Bid - Jared #2528 - Evansville, IN

Capitol Construction Services, Inc. — 2013-01-30T18:44:30



 


If you can't see this email login to http://www.thebluebook.com/_bbbid.htm?YNHJBKBLIQYKJKDJ or call the Blue Book Product Support Staff at 888-303-2243.

Notice of Addendum #: 1 - Oregon Park District

Rockford Structures Construction Company — 2013-01-29T21:52:14



 


If you can't see this email login to http://www.thebluebook.com/_bbbid.htm?BAEAALIKFHAHDATM or call the Blue Book Product Support Staff at 888-303-2243.

Invitation to Bid - Spencer Gifts #205 - St. Clair Square

Hunter Building Corp. — 2013-01-29T02:53:10



 


If you can't see this email login to http://www.thebluebook.com/_bbbid.htm?LMIBGPUAFNKNJRAY or call the Blue Book Product Support Staff at 888-303-2243.

NetBSD Security Advisory 2013-001: kernel panic triggered from userland

NetBSD Security Officer — 2013-01-29T00:40:11

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 NetBSD Security Advisory 2013-001
 =================================

Topic:kernel panic triggered from userland

Version:NetBSD-current:affected prior to Dec 29th, 2012
NetBSD 6.0.*:affected
NetBSD 6.0:affected
NetBSD 5.1.*:not affected
NetBSD 5.0.*:not affected
NetBSD 5.0:not affected

Severity:Local system crash

Fixed:NetBSD-current:Dec 29th, 2012
NetBSD-6-0 branch:Jan 7th, 2013
NetBSD-6 branch:Jan 7th, 2013

Please note that NetBSD releases prior to 5.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

A user can panic the machine by using ktrace or ktruss on
a program sleeping in recvmsg.


Technical Details
=================

If an untraced process sleeps in recvmsg/sendmsg, the syscall does not
allocate an iov structure for ktrace. When tracing is then enabled
and the process wakes up, it crashes the kernel.

A local user could intentionally crash the ma

Your Blue Book Network Project Leads ( MREF#188430675 )

The Blue Book Network Project Lead Team — 2013-01-27T13:40:53



Please goto http://www.thebluebook.com/_bbbid.htm?fnmgAjubavNkjobe
to retrieve your Leads from The Blue Book.
If you have any problems please call (888) 303-2243.

Analyst Report: Understanding Responsive Design

NetSuite — 2013-01-24T23:45:10

Download the Forrester report, Understanding Responsive Design, to gain insight into this new approach to web development.
  

Forrester Report: Understanding Responsive Design

Serve up content that provides the best experience for the device requesting it—whether it’s a desktop, tablet, mobile phone, TV or Internet fridge

While some retailers struggle to maintain separate websites for tablet, mobile and desktop users, others are taking advantage of responsive design capabilities that enable a single site to flexibly adapt to whatever device is accessing it.

Download this report by Forrester Research to understand what responsive design is—and what it isn’t. This informative white paper outlines how responsive design can:

•  Deliver a consistent and optimized user experience across all web-enabled touchpoints
•  Reduce costs to maintain site and infrastructure since businesses do not need to maintain separate code bases, systems and development teams
•  Improve SEO by consolidating link

Your Blue Book Network Project Leads ( MREF#188213540 )

The Blue Book Network Project Lead Team — 2013-01-24T20:22:02



Please goto http://www.thebluebook.com/_bbbid.htm?fnmgAjubavNkjobe
to retrieve your Leads from The Blue Book.
If you have any problems please call (888) 303-2243.

Invitation to Bid - Fuzzy's Taco

PKC Construction Co. — 2013-01-24T19:55:14



 


If you can't see this email login to http://www.thebluebook.com/_bbbid.htm?GPFMBDIPIGJJDARC or call the Blue Book Product Support Staff at 888-303-2243.

Invitation to Bid - Helzberg Diamonds #64

Warwick Construction — 2013-01-24T16:18:06



 


If you can't see this email login to http://www.thebluebook.com/_bbbid.htm?DJIODLMJLLDOLBTJ or call the Blue Book Product Support Staff at 888-303-2243.