-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT External Security Bulletin Redistribution
ESB-2008.0980 -- [NetBSD]
NetBSD 4.0.1 released incorporating previous and upcoming
security advisory patches
15 October 2008
AusCERT Security Bulletin Summary
Operating System: NetBSD
Impact: Execute Arbitrary Code/Commands
Cross-site Request Forgery
Denial of Service
CVE Names: CVE-2008-4247 CVE-2008-3652 CVE-2008-3651
CVE-2008-3584 CVE-2008-3530 CVE-2008-2476
CVE-2008-2464 CVE-2008-1657 CVE-2008-1483
CVE-2008-1447 CVE-2008-1391 CVE-2008-1372
CVE-2008-0006 CVE-2007-3798 CVE-2007-3108
CVE-2007-1218 CVE-2006-2362 CVE-2005-0953
Original Bulletin: http://netbsd.org/releases/formal-4/NetBSD-4.0.1.html
Comment: Of the upcoming security advisories, only NetBSD-SA2008-013 and
NetBSD-SA2008-014 are remotely exploitable.
- --------------------------BEGIN INCLUDED TEXT--------------------
Announcing NetBSD 4.0.1
About the NetBSD 4.0.1 Release
The NetBSD Project is pleased to announce that update 4.0.1 of the
NetBSD operating system is now available. NetBSD 4.0.1 is the first
security/critical update of the NetBSD 4.0 release branch. It
contains a selected subset of fixes deemed critical for stability or
security reasons; no new features have been added.
NetBSD 4.0.1 runs on 54 different system architectures featuring 17
machine architectures across 17 distinct CPU families, and is being
ported to more. The NetBSD 4.0.1 release contains complete binary
releases for 51 different machine types, with the platforms amigappc,
bebox and ews4800mips released in source form only. Complete source
and binaries for NetBSD 4.0.1 are available for download at many sites
around the world. A list of download sites providing FTP, AnonCVS,
SUP, and other services is provided at the end of this announcement;
the latest list of available download sites may also be found at
http://www.NetBSD.org/mirrors/. We encourage users who wish to install
via a CD-ROM ISO image to download via BitTorrent by using the torrent
files supplied in the ISO image area. A list of hashes for the NetBSD
4.0.1 distribution has been signed with the well-connected PGP key for
the NetBSD Security Officer:
Please note that all fixes in security/critical updates (i.e., NetBSD
4.0.1, 4.0.2, etc) are cumulative, so the latest update contains all
such fixes since the corresponding minor release. These fixes will
also appear in future minor releases (i.e., NetBSD 4.1, 4.2, etc),
together with other less-critical fixes and feature enhancements.
NetBSD is free. All of the code is under non-restrictive licenses, and
may be used without paying royalties to anyone. Free support services
are available via our mailing lists and website. Commercial support is
available from a variety of sources; some are listed at
http://www.NetBSD.org/gallery/consultants.html. More extensive
information on NetBSD is available from our website:
Changes Between 4.0 and 4.0.1 update
The complete list of changes can be found in the CHANGES-4.0.1
file in the top level directory of the NetBSD 4.0.1 release tree.
A shortened list is as follows:
Security Advisories Fixes
o NetBSD-SA2008-004, multiple issues (CVE-2008-1372 and
CVE-2005-0953), has been fixed by upgrading bzip2 to 1.0.5.
o NetBSD-SA2008-005, OpenSSH Multiple issues (CVE-2008-1483 and
CVE-2008-1657), has been fixed by applying patches from upstream.
o NetBSD-SA2008-006, integer overflow in strfmon(3) function
(CVE-2008-1391), has been fixed.
o NetBSD-SA2008-008, OpenSSL Montgomery multiplication
(CVE-2007-3108), has been fixed.
o NetBSD-SA2008-009, BIND cache poisoning (CVE-2008-1447 and CERT
VU#800113), has been fixed by updating BIND to 9.4.2-P2. Note
there are two related changes to this advisory:
o The default behavior of ipfilter's Port Address Translation
has been changed from sequential port mappings to random port
allocation, so that translation no longer reduces the randomness
of the source ports used for DNS queries; that randomness is
what mitigates the BIND cache poisoning problem.
o A `query-source' statement, which could allow the BIND cache
poisoning attack, has been commented out in the default
o NetBSD-SA2008-010, malicious PPPoE discovery packet can overrun a
kernel buffer (CVE-2008-3584), has been fixed.
o NetBSD-SA2008-011, ICMPv6 MLD query (CVE-2008-2464), has been
o NetBSD-SA2008-012, Denial of Service issues in racoon(8)
(CVE-2008-3652), has been fixed by upgrading ipsec-tools to
release 0.7.1. Note this also fixes CVE-2008-3651.
o upcoming NetBSD-SA2008-013, IPv6 Neighbor Discovery Protocol
routing vulnerability (CVE-2008-2476), has been fixed.
o upcoming NetBSD-SA2008-014, remote cross-site request forgery
attack issue in ftpd(8) (CVE-2008-4247), has been fixed.
o upcoming NetBSD-SA2008-015, remote kernel panics on IPv6
connections (CVE-2008-3530), has been fixed.
Note: NetBSD-SA2008-007 and advisories prior to NetBSD-SA2008-004
don't affect NetBSD 4.0.
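The two follow-on changes listed under NetBSD-SA2008-009 both protect the same property: a resolver that randomizes its UDP source port is only helped if nothing downstream (a fixed `query-source ... port` in named.conf, or a NAT box that hands out translated ports in order) collapses that randomness again. The following Python is an added illustration, not code from NetBSD or the AusCERT bulletin. It assumes a constructed named.conf fragment (`SAMPLE_NAMED_CONF`) and a constructed list of resolver-chosen ports (`RESOLVER_PORTS`); the functions `fixed_query_source_ports`, `sequential_pat`, `random_pat` and `port_randomness` are hypothetical helpers written for this example, and the sequential/random PAT models are simplified stand-ins for ipfilter's behaviour before and after the change.

```python
import random
import re

# Constructed named.conf fragment (not NetBSD's shipped default): one active
# query-source statement pins the IPv4 source port to 53, the v6 statement
# leaves it random ('*'), and a commented-out line shows that it is ignored.
SAMPLE_NAMED_CONF = """\
options {
    directory "/etc/namedb";
    // query-source address * port 53;
    query-source address 192.0.2.10 port 53;
    query-source-v6 address * port *;
};
"""

# Constructed resolver-side source ports, as a port-randomizing BIND picks them.
RESOLVER_PORTS = [50123, 12987, 61002, 2345, 39011, 17768, 54400, 8891]


def fixed_query_source_ports(conf_text):
    """Return (statement, port) for every active query-source statement that
    fixes the port to a single value; 'port *' and commented lines are ignored."""
    findings = []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("//", "#", "/*")):   # commented out: inactive
            continue
        m = re.match(r"(query-source(?:-v6)?)\s+(.*?);", stripped)
        if not m:
            continue
        port = re.search(r"\bport\s+(\S+)", m.group(2))
        if port and port.group(1) != "*":
            findings.append((m.group(1), int(port.group(1))))
    return findings


def sequential_pat(ports, first_port=10001):
    """Model a NAT/PAT box that allocates translated ports in order: whatever
    the resolver chose, the outside sees first_port, first_port+1, ... (hypothetical model)."""
    return [first_port + i for i in range(len(ports))]


def random_pat(ports, rng=None):
    """Model the corrected behaviour: each flow gets a distinct translated port
    drawn at random from the unprivileged range (hypothetical model)."""
    if rng is None:
        rng = random.Random(20080804)   # fixed seed only so the demo is repeatable
    return rng.sample(range(1024, 65536), len(ports))


def port_randomness(ports):
    """Summarise how predictable a sequence of observed source ports is.
    Verdict 'fixed' = one port reused, 'sequential' = mostly +1 steps
    (what sequential PAT produces), otherwise 'random'."""
    steps = [b - a for a, b in zip(ports, ports[1:])]
    longest = run = 0
    for s in steps:                        # longest run of consecutive +1 steps
        run = run + 1 if s == 1 else 0
        longest = max(longest, run)
    distinct = len(set(ports))
    if distinct == 1:
        verdict = "fixed"
    elif len(ports) >= 4 and longest >= len(ports) // 2:
        verdict = "sequential"
    else:
        verdict = "random"
    return {"samples": len(ports), "distinct": distinct,
            "longest_sequential_run": longest, "verdict": verdict}


if __name__ == "__main__":
    for stmt, port in fixed_query_source_ports(SAMPLE_NAMED_CONF):
        print(f"active {stmt} pins the source port to {port}")
    for label, seen in (("resolver", RESOLVER_PORTS),
                        ("after sequential PAT", sequential_pat(RESOLVER_PORTS)),
                        ("after random PAT", random_pat(RESOLVER_PORTS))):
        print(label, port_randomness(seen))
```

Run against real traffic, `port_randomness` would take the source ports seen on the outside of the NAT (for example from a packet capture of outbound queries to port 53); a "sequential" or "fixed" verdict there means the resolver's own randomization is being undone before the queries reach the network, which is exactly what the ipfilter change and the commented-out `query-source` line are meant to prevent.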
Other Security Fixes
o Fix a buffer overrun which could crash a FAST_IPSEC kernel.
o tcpdump(8): fix CVE-2007-1218, CVE-2007-3798 and CAN-2005-1278 in
o Fix a buffer overflow in the PCF font parser of the X11 libXfont library.
o Fix a buffer overflow in the Tektronix Hex Format support in binutils.
o machfb(4) and voodoofb(4): introduce two missing
KAUTH_GENERIC_ISSUSER checks in the mmap(2) code.
o Update root.cache to 2008020400 version.
o Fix IP packet forwarding code to make sure to send a reasonable
fragment size when IPsec is configured.
o Fix a bug in TCP SACK code which causes data corruption.
o Fix an rc.d(8) script for amd(8) not to shut down gracefully, since
it seems to cause problems for more people than the old (also
o ftpd(8): fix and reorganize PAM support.
o Pthread support of BIND has been disabled for future binary
compatibility after removal of the scheduler activations.
o Fix coredump of gdtoa (conversion between binary floating-point
and ASCII string) functions on out of memory conditions.
o fxp(4): fix random pool corruption and hangup problems.
o wd(4): handle more LBA48 bug quirks on some Hitachi's SATA/IDE
o Disable a NULL pointer check in zlib for standalone programs. This
fixes errors on loading a gzipped kernel (including installation
kernels) on several ports (news68k etc.) whose kernels are loaded
at address zero.
o awk(1): bring back an accidentally removed fix to allow escape of
a newline in string literals.
o fix compilation of native sh3 gcc on 64-bit build machines.
o fix an internal compiler error when compiling m68k softfloat or
m68010 targets on 64-bit build machines.
o zgrep(1): make `-h' option (suppress filenames on output when
multiple files are searched) actually work.
o Fix parallel build failure on building hpcarm, hpcmips and hpcsh
o acorn32: fix a bootloader problem on some RiscPCs.
o add a workaround to avoid a panic when probing a multi-function
PCI device in a Qube's PCI slot.
o fix a bug in the interrupt handler which causes the network to
freeze if more than one interface is used.
o hp700: fix potential kernel / userland memory corruption in
copyinstr(9) and copyoutstr(9).
o sparc64: fix a bug in locore.s which causes unexpected behavior.
o sun3: fix a bug which might cause an occasional panic during boot.
o vax: make syscall handler use proper copyin(9) function on parsing
System families supported by NetBSD 4.0.1
The NetBSD 4.0.1 release provides supported binary distributions for
the following systems:
NetBSD/acorn26 Acorn Archimedes, A-series and R-series systems
NetBSD/acorn32 Acorn RiscPC/A7000, VLSI RC7500
NetBSD/algor Algorithmics, Ltd. MIPS evaluation boards
NetBSD/alpha Digital/Compaq Alpha (64-bit)
NetBSD/amd64 AMD family processors like Opteron, Athlon64, and
Intel CPUs with EM64T extension
NetBSD/amiga Commodore Amiga and MacroSystem DraCo
NetBSD/arc MIPS-based machines following the Advanced RISC
NetBSD/atari Atari TT030, Falcon, Hades
NetBSD/cats Chalice Technology's CATS and Intel's EBSA-285
NetBSD/cesfic CES FIC8234 VME processor board
NetBSD/cobalt Cobalt Networks' MIPS-based Microservers
NetBSD/dreamcast Sega Dreamcast game console
NetBSD/evbarm Various ARM-based evaluation boards and appliances
NetBSD/evbmips Various MIPS-based evaluation boards and appliances
NetBSD/evbppc Various PowerPC-based evaluation boards and
NetBSD/evbsh3 Various Hitachi Super-H SH3 and SH4-based evaluation
boards and appliances
NetBSD/hp300 Hewlett-Packard 9000/300 and 400 series
NetBSD/hp700 Hewlett-Packard 9000 Series 700 workstations
NetBSD/hpcarm StrongARM based Windows CE PDA machines
NetBSD/hpcmips MIPS-based Windows CE PDA machines
NetBSD/hpcsh Hitachi Super-H based Windows CE PDA machines
NetBSD/i386 IBM PCs and PC clones with i386-family processors and
NetBSD/ibmnws IBM Network Station 1000
NetBSD/iyonix Castle Technology's Iyonix ARM based PCs
NetBSD/landisk SH4 processor based NAS appliances
NetBSD/luna68k OMRON Tateisi Electric's LUNA series
NetBSD/mac68k Apple Macintosh with Motorola 68k CPU
NetBSD/macppc Apple PowerPC-based Macintosh and clones
NetBSD/mipsco MIPS Computer Systems Inc. family of workstations and
NetBSD/mmeye Brains mmEye multimedia server
NetBSD/mvme68k Motorola MVME 68k Single Board Computers
NetBSD/mvmeppc Motorola PowerPC VME Single Board Computers
NetBSD/netwinder StrongARM based NetWinder machines
NetBSD/news68k Sony's 68k-based "NET WORK STATION" series
NetBSD/newsmips Sony's MIPS-based "NET WORK STATION" series
NetBSD/next68k NeXT 68k "black" hardware
NetBSD/ofppc OpenFirmware PowerPC machines
NetBSD/pmax Digital MIPS-based DECstations and DECsystems
NetBSD/pmppc Artesyn's PM/PPC board
NetBSD/prep PReP (PowerPC Reference Platform) and CHRP machines
NetBSD/sandpoint Motorola Sandpoint reference platform
NetBSD/sbmips Broadcom SiByte evaluation boards
NetBSD/sgimips Silicon Graphics' MIPS-based workstations
NetBSD/shark Digital DNARD ("shark")
NetBSD/sparc Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode)
NetBSD/sparc64 Sun UltraSPARC (in native 64-bit mode)
NetBSD/sun2 Sun Microsystems Sun 2 machines with Motorola 68010
NetBSD/sun3 Motorola 68020 and 030 based Sun 3 and 3x machines
NetBSD/vax Digital VAX
NetBSD/x68k Sharp X680x0 series
NetBSD/xen The Xen virtual machine monitor
Ports available in source form only for this release include the
NetBSD/amigappc PowerPC-based Amiga boards
NetBSD/bebox Be Inc's BeBox
NetBSD/ews4800mips NEC's MIPS-based EWS4800 workstation
The NetBSD Foundation would like to thank all those who have
contributed code, hardware, documentation, funds, colocation for our
servers, web pages and other documentation, release engineering, and
other resources over the years. More information on the people who
make NetBSD happen is available at:
We would like to especially thank the University of California at
Berkeley and the GNU Project for particularly large subsets of code
that we use. We would also like to thank the Internet Systems
Consortium Inc., the Network Security Lab at Columbia University's
Computer Science Department, and Ludd (Luleaa Academic Computer
Society) computer society at Luleaa University of Technology for
current colocation services.
About the NetBSD Foundation
The NetBSD Foundation was chartered in 1995, with the task of
overseeing core NetBSD project services, promoting the project within
industry and the open source community, and holding intellectual
property rights on much of the NetBSD code base. Day-to-day operations
of the project are handled by volunteers.
As a non-profit organization with no commercial backing, The NetBSD
Foundation depends on donations from its users, and we would like to
ask you to consider making a donation to the NetBSD Foundation in
support of continuing production of our fine operating system. Your
generous donation would be particularly welcome assistance with
ongoing upgrades and maintenance, as well as with operating expenses
for The NetBSD Foundation. Please visit:
Donations can be done via PayPal to <paypal@NetBSD.org> and are fully
tax-deductible in the US. If you would prefer not to use PayPal, or
would like to make other arrangements, please contact
NetBSD mirror sites
Please use a mirror site close to you.
o FTP - http://www.NetBSD.org/mirrors/#ftp
o ISO images - http://www.NetBSD.org/mirrors/#iso
o Anonymous CVS - http://www.NetBSD.org/mirrors/#anoncvs
o BitTorrent - http://www.NetBSD.org/mirrors/#bittorrent
o SUP - http://www.NetBSD.org/mirrors/#sup
o CVSup - http://www.NetBSD.org/mirrors/#cvsup
o rsync - http://www.NetBSD.org/mirrors/#rsync
o AFS - http://www.NetBSD.org/mirrors/#afs
Please also note our list of CD-ROM vendors, located at:
[NetBSD(R) is a registered trademark of The NetBSD Foundation, Inc.]
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to firstname.lastname@example.org
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.