Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Bug

Juniper OS Flaw Allowed Forged Certificates (arstechnica.com) 26

Slashdot reader disccomp shares an article from Ars Technica: In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos operating system that allowed adversaries to masquerade as trusted parties. The impersonation could be carried out by presenting a forged cryptographic certificate that was signed by the attacker rather than by a trusted certificate authority that normally vets the identity of the credential holder...

"It seems that Junos was accepting specially crafted, invalid certificates as trusted," said Stephen Checkoway, a computer scientist at the University of Illinois at Chicago who recently focused on security in Juniper products. "This would enable anyone to create a VPN connection and gain access to the private network, e.g., a private, corporate network."

Operating Systems

Severe Flaws Found In Libarchive Open Source Library (talosintel.com) 82

Reader itwbennett writes: Researchers from Cisco Systems' Talos group have found three memory corruption errors in the widely used open-source library libarchive that can result in arbitrary code execution and can be exploited by passing specially crafted files to applications that contain the vulnerable code. "The library is used by file and package managers included in many Linux and BSD systems, as well as by components and tools in OS X and Chrome OS," writes Lucian Constantin. "Developers can also include the library's code in their own projects, so it's hard to know how many other applications or firmware packages contain it." (Original blog post) So, while the libarchive maintainers have released patches for the flaws, it will likely take a long time for them to trickle down through all the affected projects.
Open Source

Torvalds' Secret Sauce For Linux: Willing To Be Wrong (ieee.org) 273

An anonymous reader writes: Linux turns 25 this year(!!). To mark the event, IEEE Spectrum has a piece on the history of Linux and why it succeeded where others failed. In an accompanying question and answer with Linus Torvalds, Torvalds explains the combination of youthful chutzpah, openness to other's ideas, and a willingness to unwind technical decisions that he thinks were critical to the OS's development: "I credit the fact that I didn't know what the hell I was setting myself up for for a lot of the success of Linux. [...] The thing about bad technical decisions is that you can always undo them. [...] I'd rather make a decision that turns out to be wrong later than waffle about possible alternatives for too long."
Ubuntu

Meet UbuntuBSD, UNIX For Human Beings 219

prisoninmate writes: What's ubuntuBSD? Well, it's not that hard to figure out yourself, but just in case you're not sure, we can tell you that ubuntuBSD promises to bring the power of the FreeBSD kernel to Ubuntu Linux. The best part of using the FreeBSD kernel is that you'll end up using the famous Z File System, or ZFS. Xfce is also included along with the popular Firefox, LibreOffice, and Ubuntu Software Center apps. ubuntuBSD is inspired by the Debian GNU/kFreeBSD project, it is hosted on SourceForge, and has been created by Jon Boden.
OS X

BorgBackup 1.0.0 Released (github.com) 64

An anonymous reader writes: After almost a year of development, bug fixing and cleanup, BorgBackup 1.0.0 has been released. BorgBackup is a fork of the Attic-Backup project — a deduplicating, compressing, encrypting and authenticating backup program for Linux, FreeBSD, Mac OS X and other unixoid operating systems (Windows may also work using CygWin, but that is rather experimental/unsupported). It works on 32bit as well as on 64bit platforms, x86/x64 and ARM CPUs (maybe as well on others, but these are the tested ones). For Linux, FreeBSD and Mac OS X, there are single-file binaries which can be just copied onto a system and contain everything needed (Python, libraries, BorgBackup itself). Of course, it can be also installed from source. BorgBackup is FOSS (BSD License) and implemented in Python 3 (91%), speed critical parts are in C or Cython (9%).
Unix

PVS-Studio Analyzer Spots 40 Bugs In the FreeBSD Kernel 169

Andrey_Karpov writes: Svyatoslav Razmyslov from PVS-Studio Team published an article on the check of the FreeBSD kernel. PVS-Studio developers are known for analyzing various projects to show the abilities of their product, and do some advertisement, of course. Perhaps, this is one of the most acceptable and useful ways of promoting a proprietary application. They have already checked more than 200 projects and detected 9355 bugs. At least that's the number of bugs in the error base of their company.

So now it was FreeBSD kernel's turn. The source code was taken from GitHub 'master' branch. Svyatoslav states that PVS-Studio detected more than 1000 suspicious code fragments that are most likely bugs or inaccurate code. He described 40 of them in the article. The list of warnings was given to the FreeBSD developer team and they have already started editing the code.

A couple of words for programmers who are still not familiar with PVS-Studio. PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++ and C#. It performs static code analysis and generates a report that helps a programmer find and fix the errors in the code. You can see a more detailed description of the tool on the company website and download a trial version.
Networking

FreeBSD-Powered Firewall Distro OPNsense 16.1 Released (phoronix.com) 64

An anonymous reader writes: OPNsense, the open-source firewall project powered by FreeBSD that began as a fork of pfSense, is out with a new release. OPNsense 16.1 was developed over the past half-year and is a big update. OPNsense 16.1 has upgraded to using a FreeBSD 10.2 base, support for a high-speed IPS mode, a redesigned captive portal, firewall improvements, and a wide range of other work.
Operating Systems

DragonFlyBSD 4.4 Switches To the Gold Linker By Default (phoronix.com) 26

An anonymous reader writes: DragonFlyBSD 4.4 is now available for download (x86_64 ISO) and is a feature release that presents many improvements and new features. DragonFlyBSD now uses the Gold Linker by default rather than GNU Ld, updates the Intel and Radeon graphics support against the Linux 3.18 kernel, improves its experimental HAMMER2 file-system updates the locale system and provides collation for named locales, changes out its regex library, and has new hardware drivers. More details on the 4.4 release page.
Open Source

Celebrating 20 Years of OpenBSD With Release 5.8 (openbsd.org) 158

badger.foo writes: 20 years to the day after the OpenBSD source tree was created for the new project, the project has released OpenBSD 5.8, the 38th release on CD-ROM (and 39th via FTP/HTTP). This release comes with four release songs instead of the usual one, and a long list of improvements over the last releases. (Probably a good time to donate to the project, too, even if you don't use it directly, because of all the security improvements that OpenBSD programmers contribute to the world.)
KDE

KDE Turns 19 115

prisoninmate writes: Believe it or not, it has been 19 long years since Matthias Ettrich announced his new project, the Kool Desktop Environment (KDE). "Unix popularity grows thanks to the free variants, mostly Linux. But still a consistent, nice looking free desktop-environment is missing. There are several nice either free or low-priced applications available so that Linux/X11 would almost fit everybody needs if we could offer a real GUI," wrote the developer back in October 14, 1996.
Graphics

Wayland Ported To DragonFlyBSD (phoronix.com) 152

An anonymous reader writes: Wayland 1.9 and the reference Weston compositor have been ported to DragonFlyBSD. Significant changes were made to get Wayland/Weston running, and you must either already be running an X.Org Server or be using the Linux-ported Radeon and Intel kernel mode-setting drivers, plus jump through a few setup steps.
Operating Systems

NetBSD 7.0 Released (netbsd.org) 58

An anonymous reader writes: After three years of development and over a year in release engineering, NetBSD 7.0 has been released. Its improvements include added support for many new ARM boards including the Raspberry Pi 2, major improvements to its multiprocessor-compatible firewall NPF, kernel scripting in Lua, kernel mode-setting for Intel and Radeon graphics chips, and a daemon called blacklistd(8) which integrates with numerous network daemons and shields them from flood attempts.
OS X

A FreeBSD "Spork" With Touches of NeXT and OS X: NeXTBSD 165

There are a lot of open source operating systems out there; being open source, they lend themselves to forks, clones or near clones, and friendly offshoots. There are even services to let you customize, download, and (if you choose) bulk-install your own OS based on common components. Phoronix notes a new project called NeXTBSD that might turn more heads than most new open source OSes, in part because of the developers behind it, and in part because of the positive thoughts many people have toward the aesthetics of NeXTSTEP and Mac OS X. (And while it might be a fork of FreeBSD, the developers would rather call it a spork, instead.) NeXTBSD was announced last week by Jordan Hubbard and Kip Macy at the Bay Area FreeBSD Users Group (BAFUG). NeXTBSD / FreeBSD X is based on the FreeBSD-CURRENT kernel while adding in Mach IPC, Libdispatch, notifyd, asld, launchd, and other components derived from Apple's open-source code for OS X. The basic launchd/notifyd/asld/libdispatch stack atop their "fork" of FreeBSD is working along with other basic components of their new design. You can watch a recording of the announcement as well as a longer introduction linked from Phoronix's story.
Open Source

FreeBSD 10.2 Released 103

moderators_are_w*nke writes with news that FreeBSD 10.2-RELEASE is now available. Here is the download page, the release notes, and release errata. Features highlights: The resolvconf(8) utility has been updated to version 3.7.0, with improvements to protect DNS privacy. The ntp suite has been updated to version 4.2.8p3. A new rc(8) script, growfs, has been added, which will resize the root filesystem on boot if the /firstboot file exists. The Linux® compatibility version has been updated to support Centos 6 ports. Several ZFS performance and reliability improvements. GNOME has been updated to version 3.14.2. KDE has been updated to version 4.14.3.
Operating Systems

HardenedBSD Completes Strong ASLR Implementation 66

New submitter HardenedBSD writes: A relatively new fork of FreeBSD, HardenedBSD, has completed its Address Space Layout Randomization (ASLR) feature. Without ASLR, applications are loaded into memory in a deterministic manner. An attacker who knows where a vulnerability lies in memory can reliably exploit that vulnerability to manipulate the application into doing the attacker's bidding. ASLR removes the determinism, making it so that even if an attacker knows that a vulnerability exists, he doesn't know where that vulnerability lies in memory. HardenedBSD's particular implementation of ASLR is the strongest form ever implemented in any of the BSDs.

The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD. ASLR is the first step in a long list of exploit mitigation technologies HardenedBSD plans to implement.

Slashdot Top Deals