Slashdot Mirror


Four NetBSD Security Advisories, Fixes Released

Dan writes "The NetBSD security team has formally announced 4 security advisories and fixes for the following advisories: NetBSD-SA2003-014 Insufficient argument checking in sysctl(2); NetBSD-SA2003-015 Remote and local vulnerabilities in XFree86 font libraries; NetBSD-SA2003-016 Sendmail - another prescan() bug CAN-2003-0694; NetBSD-SA2003-017 OpenSSL multiple vulnerability. There is an integer overflow in the XFree86 font libraries, which could lead to potential privilege escalation and/or remote code execution. The Sendmail advisory involves a prescan() bug in sendmail packages prior to 8.12.10. OpenSSL had multiple vulnerabilities, which were found by tests performed by NISCC. Finally, there is insufficient argument checking in sysctl(2), which could be exploited."

40 comments

  1. Re:Haiku by Anonymous Coward · · Score: 0

    Big greased Yoda doll,
    shoved ever so tightly in,
    Linux user's hole.

  2. Re:Haiku by Anonymous Coward · · Score: 0

    Tux lies prone on ground.
    Daemon stands overtop him.
    Grease pours from Tux-hole.
  3. Re:BSD gets its skeleton smashed at OSnews! by Anonymous Coward · · Score: 0

    Did you keep the Win ME partition?

  4. Re:BSD gets its skeleton smashed at OSnews! by Anonymous Coward · · Score: 0

    Of course! I can't do without my Windows ME... I use Linux cause I feel cool being a wanna be windows OS user. I hide my Windows CDs in the closet until I come out of the closet myself.

  5. BSD Ghetto by Anonymous Coward · · Score: 0


    BSD you grow in the ghetto, living second rate
    And your eyes will sing a song of deep hate.
    The places you play and where you stay
    Looks like one great big alley way.
    You'll admire all the numberbook takers,
    Thugs, BSD pimps and pushers, and the big money makers.

  6. Roy Horn speaks out by Anonymous Coward · · Score: 0
    Roy Horn of the famous "Siegfried and Roy" magic ensemble was interviewed today from his hospital bed. Mr. Horn is recovering from a life threatening tiger attack. When asked about his condition Roy had this to say,
    Don't worry. I'm doing OK. I'll be fine. However, on the other hand, *BSD is dying.
    Hang in there Roy. We're all pulling for you!
  7. Damned Trolls by agent+dero · · Score: 1

    This is ridiculous, there's so many trolls, none are within my threshold.

    Anyways, this is a good advance for NetBSD, regardless of it having holes or not, getting an OS patched is always good.

    Good job NetBSD, come on guys, give them some credit, they run NetBSD on more platforms than almost anyone else.

    --
    Error 407 - No creative sig found
    1. Re:Damned Trolls by Anonymous Coward · · Score: 0

      Hey, fuck you, trolls are the lifeblood of /. and we should be getting props for making this shithole remotely worth visiting.

      ADMIT IT NERDS

    2. Re:Damned Trolls by Anonymous Coward · · Score: 0

      trolls post nothing worth reading and you say you're the lifeblood of slashdot ?

    3. Re:Damned Trolls by Anonymous Coward · · Score: 0

      In spite of efforts to make it inclusive, Slashdot is pretty much a Linux-only site. This is ruthlessly enforced by the tiny percentage of Linux users that never matured past age 12.

      It is a sad thing, but every OS has a few child-zealots we'd all like to get rid of. The vast, vast, majority of Linux users are perfectly happy to share traffic with BSD posts.

  8. Re:My own top 10 advisories by Anonymous Coward · · Score: 0

    1. You can not play games on it.
    Dair be games 4 B-S-fuckin'-D. But if u r serious about games, UNIX
    aint 'esact-like da best platform choice 4 games, unless yo' ass be 'esploitin'
    Mac O-S X.

    2. It cannot be used by my grandma.
    Y not? If yo' grandma kin not 'esploit some mouse, some keybo'd, o' spot, den
    dat would be true.

    3. It lacks a GUI of any note.
    K-D-fuckin'-E an' Gnome be available.

    4. There is no support available for it.
    Dair be support 4 it, countless websites, mailin' lists, documentashun, an'
    dair be commercial companies dat support it. Also, at da damn fat-lady o' da
    damn day, it be unix. Some fat-ass chunk o' adminsterin' Linux/*B-S-fuckin'-D
    be da damn same, so's anyone dat knows unix could offa' help.

    5. It is an assortment of fragmented OSes.
    An' Linux aint fragmented? How many Linux distros be dair?? LOTS!
    Maybe da damn kernel be da damn same, but some kernel by itself aint some
    opuh'atin' system.

    6. It cannot be run on the x86 platform.
    Free/Net/Openbsd all run on x86 as deir primary platform.

    7. You have to compile everything and know C.
    If yo' ass scribble software, o' course yo' ass got'ta compile it...dat be da
    damn same wit' no opuh'atin' system. Fuckin' A! Pre-compiled packages be
    available 4 da *Bsds, as well as ports, which duz da work o' compilin' 4 yo'
    ass. Yo' ass DO not need t' know C t' "'esploit" *no* opuh'atin' system.

    8. Support for the latest hardware is always poor.
    Mo' dan 'nuff hardware works, no half decent well known componets will work
    propa'. Dair will 24/7 be some slight delay wit' free unix. Hardware companies
    duzn't 'esact-like relaise driva's 4 free unix o' provide documentashun all da
    time, so's it may snatch longa' t' git some driva' togetha'.

    9. It is incompatible with GNU/Linux.
    Not shaw whut yo' ass main in da house, it could main some few shit.

    10.It is dying.
    Visit openbsd.org, netbsd.org, freebsd.org an' den apple.com.

  9. Wow, the signal-to-noise ratio is lower than ever by Anonymous Coward · · Score: 0

    Just goes to prove BSD is dying. Nobody fucking cares enough about it to post something relevant. In fact, if it weren't for us trolls this topic would have a grand total of one comment (as of Oct 11, 12:30 AM central time)

    If you BSD die-hards still aren't getting the truth about BSD, consider this:

    1. Is BSD being improved at a faster rate than Linux? (no, as if FreeBSD has a multibillion dollar company like IBM backing it with 3,000 developers - ha!)

    2. Are the number of BSD users increasing?
    (clearly not, and i'm talking about real BSD not Mac OS X bastardised UNIX)

    3. What do most open source developers use (LINUX, nerds, LINUX)

    You cannot escape the truth! BSD will be dead in 5 years! I guarantee it!

    This post brought to you by a Truthmaster (aka a Linux user)

  10. Re:Wow, the signal-to-noise ratio is lower than ev by Anonymous Coward · · Score: 0

    1. Is BSD being improved at a faster rate than Linux? (no, as if FreeBSD has a multibillion dollar company like IBM backing it with 3,000 developers - ha!)


    Well, they're both doing the same thing actually, that is to say, copying SCO code. So it is possible. Now Windows XP, there's another story, and it's easier to use anyway.

    3. What do most open source developers use (LINUX, nerds, LINUX)

    Really they use XP, since only a few of them have actually figured out how to get Internet access working under Linux.

    You cannot escape the truth! BSD will be dead in 5 years! I guarantee it!

    That's true at least. But it's the least of your problems. I would point to a $699 licensing fee which you need to pay, as a more pressing issue.

  11. Re:Wow, the signal-to-noise ratio is lower than ev by Anonymous Coward · · Score: 0

    I already paid it. What, do you think I would use a pirated version of linux?

    BTW XP is great, it's my 2nd most used OS (I use it for kazaa and most of my gay porn site is written in dreamweaver) I also run IE in vmware since mozilla is a steaming piece of shit.

    but all that aside, BSD *is* dying. We can all agree on that.

  12. Why does this section still exist? by Anonymous Coward · · Score: 0

    Isn't it entirely disrespectful to the dead? We don't have a bobhope.slashdot.org now do we? Get some manners people.

    1. Re:Why does this section still exist? by Anonymous Coward · · Score: 0

      That's a good idea, actually. Maybe we should.

  13. Help me, I'm sexually attracted to the *BSD daemon by Anonymous Coward · · Score: 0

    That BSD daemon is so hot, I just want to suck his dick while jerking myself off and then bend him over and stick my dick in his tight red asshole. The fact that I'm an excellent artist only makes matters worse, since I tend to draw him during my Math class in sexually explicit positions instead of taking notes like I should, and I think people are noticing because they give me odd looks and this one guy even asked me if I was gay. Can somebody help me get rid of these urges? I'm sure they're perfectly healthy (hey, what slashdotter *hasn't* had a crush on another guy) but it's starting to intrude on my social life and I'd rather it not. Thanxz, AC

    XOXOXOXOXOXOXO

  14. Egh, netbsd.... by Anonymous Coward · · Score: 0

    Why you'd want to run an OS designed and coded by niggers is beyond me.

  15. The *BSD Wailing Song by Anonymous Coward · · Score: 0


    What's left for me to see
    In my ship I sailed so far
    What can the answer be
    Don't know what the questions are.
    And after all I've done
    Still I cannot feel the sun
    Tell me save me
    In the end our lost souls must repent.
    I must know it is for certain
    Can it be the final curtain
    As long as the wind will blow
    I'll be searching high and low.
    Who knows what's really true
    They say the end is so near
    Why are we all so cruel
    We just fill ourselves with fear.
    And heaven and hell will turn
    All that we love shall burn
    Hear me trust me
    In the end our lost souls must repent.
    I must know it is for certain
    Can it be the final curtain
    As long as the wind will blow
    I'll be searching high and low
    Final curtain
    Final curtain

  16. Patches vs. Fixes by Anonymous Coward · · Score: 0

    If you ever take a look at the patched code for one of these security advisories, you mainly see some special case code stuck in there to patch up the problem. You never see a reconsideration of the problem. I wonder how long it takes to go from a release version through BSD is dying patch after patch until a piece of code is just old and crufty and in need of wholesale replacement.

    1. Re:Patches vs. Fixes by Anonymous Coward · · Score: 0

      Man that is so true. I compiled OpenSSH once from source, just for kicks. You would not believe how many compiler warnings it gives! It's just like they decided, "hey, why bother with data types when we can just use void pointers for everything", or something. And whenever they get a buffer underrun found or something, they just say "let's double the size of that buffer, that will surely be enough." This is the mentality that goes into all BSD software. When I'm writing 100% secure C# code on my XP box, I can't believe what people will accept from theftware like BSD these days.

  17. I just read the obituaries in the newspaper! by Anonymous Coward · · Score: 0

    I'm so sorry.

  18. Coping is hard, but please try by Anonymous Coward · · Score: 0
    Although it is true that BSD is dying, there are some helpful steps you can take to ease your sorrow:
    • deal with the inevitable.
    • grieve for your loss.
    • move on.
      Never let your emotions get mixed up with something as silly as a computer
      operating system. It isn't healthy. So BSD fails. Big whoop. Deal with it and move on.
      Hope this helps.
  19. Found deep in *BSD source code... by Anonymous Coward · · Score: 0

    _d8b____________________d8b_______d8,
    _?88____________________88P______`8P
    __88b__________________d88
    __888888b__.d888b,_d888888________88b_.d888b,
    __88P_`?8b_?8b,___d8P'_?88________88P_?8b,
    _d88,__d88___`?8b_88b__,88b______d88____`?8b
    d88'`?88P'`?888P'_`?88P'`88b____d88'_`?888P'

    ______d8b________________________d8b
    ______88P________________________88P
    _____d88________________________d88
    _d888888___d8888b_d888b8b___d888888
    d8P'_?88__d8b_,dPd8P'_?88__d8P'_?88
    88b__,88b_88b____88b__,88b_88b__,88b
    `?88P'`88b`?888P'`?88P'`88b`?88P'`88b

  20. YHBT YHL HAND by Anonymous Coward · · Score: 0
    1. Re:YHBT YHL HAND by Anonymous Coward · · Score: 0

      Save your words for the other reply, bitch. I know what I'm doing.

      And pay your goddamn $699 licensing fee!

  21. Re:Wow, the signal-to-noise ratio is lower than ev by Anonymous Coward · · Score: 0

    Actually, quite a number of improvements have been implemented *1st* on BSD, before Linux got them. Firewire, IPV6.. the list could go on quite a while.

    I love to see people bashing BSD on these things, when in reality they are not particularly kernel related. XFree86 font libraries are an installed package, not part of the base OS. Sendmail..well, exactly *how many* sendmail bugs have been found over the years? Every OS has been hit by them, so that never surprises me. OpenSSL but... uhh, excuse me, but how many Linux's are going to be hit by this as well?

    About the only one that directly relates to only NetBSD is the sysctl bug.

    What I *like* about NetBSD, and why *I* choose to use it? Let's see, I have my PC NetBSD fileserver, plus several decstations, a vaxstation, 3 dec alpha's, sun 3/260, 68K mac, sun sparc's... they all run NetBSD fine, and it's a consistent architecture across all the platforms... plus they are making very good headway on SMP for not only the PC platform, but sparc and mac... and trying to do it in a way that makes it, again, consistent across architectures.

    I'm sorry, any OS that completely rips out its VM system and replaces it in the *middle* of a "Release" OS version (that is *not* a "minor" update or bug-fix guys) is doing *something* wrong. Every time I switch from one "brand" of Linux to another (RedHat, Debian, etc) I get the feeling that, yeah, it's still Unix (ok, Unix-like :-P) but that I'm working on a whole different platform. Now, I can handle it having jumped between SunOS, Solaris, HPUX 9/10, Ultrix, etc. quite a bit over the years. But, I like feeling like I'm not trying to figure out new commands on every box I'm on.

  22. Re:Wow, the signal-to-noise ratio is lower than ev by Anonymous Coward · · Score: 0

    a Truthmaster (aka a Linux user)

    Wow! Becoming a Linux user makes you a truthmaster? Let's get governments everywhere on Linux then!

  23. Re:Haiku by Anonymous Coward · · Score: 0

    Last line should be five as well, you knob-gobbler.

  24. Four New Security Advisories about *BSD: by Anonymous Coward · · Score: 0

    1) If something dead bites you, you will turn into a zombie yourself (see "Dawn of the Dead")

    2) Children should not play with dead things.

    3) Storing your *BSD distro install CD in formaldehyde will preserve the necrotic tissues from further rot.

    4) Funerals can cost $4000. Don't forget to factor this in if you decide to go with *BSD.

  25. They use it like they use King Tut by Anonymous Coward · · Score: 0

    They don't "use" it. They just pay to look at the corpse.

  26. Re:Wow, the signal-to-noise ratio is lower than ev by Anonymous Coward · · Score: 0

    I think he meant to write Thrustmaster, aka a person who has sex with a Tux plushie.

  27. Re:Wow, the signal-to-noise ratio is lower than ev by Anonymous Coward · · Score: 0

    *what" ** The f((uck* Are" "you" )talk*ing... a*bo()uT,) *"du"de *?

  28. Question by Anonymous Coward · · Score: 0

    What do you call a gathering of BSD developers?

    Answer - a funeral.

  29. Hard Times for *BSD by Anonymous Coward · · Score: 0
    Sure, we all know that *BSD is a failure, but why? Why did *BSD fail? Once you get past the fact that *BSD is fragmented between a myriad of incompatible kernels, there is the historical record of failure and of failed operating systems. *BSD experienced moderate success about 15 years ago in academic circles. Since then it has been in steady decline. We all know *BSD keeps losing market share but why? Is it the problematic personalities of many of the key players? Or is it larger than their troubled personas?

    The record is clear on one thing: no operating system has ever come back from the grave. Efforts to resuscitate *BSD are one step away from spiritualists wishing to communicate with the dead. As the situation grows more desperate for the adherents of this doomed OS, the sorrow takes hold. An unremitting gloom hangs like a death shroud over a once hopeful *BSD community. The hope is gone; a mournful nostalgia has settled in. Now is the end time for *BSD.