New stable release: HardenedBSD-stable 10-STABLE v46.1

Submitted by op on

HardenedBSD-10-STABLE-v46.1
----------------------------------------
https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
https://github.com/HardenedBSD/hardenedBSD-stable/commits/HardenedBSD-10...

This release fixes CVE-1541 and CVE-2015-2304 in libarchive, a lot of Coverity warnings / programing errors and an overflow in amd64's sysarch system call (00696f0, eac2aab, bd784f7).

New stable version: HardenedBSD-stable 11-CURRENT v46.2

Submitted by op on

HardenedBSD-11-CURRENT-v46.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

UPDATE TO THIS RELEASE IS STRONGLY ADVISED!

This release fixes two locally exploitable security issue, namely the followings:
https://security.freebsd.org/advisories/FreeBSD-SA-16:19.sendmsg.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:18.atkbd.asc

New stable version: HardenedBSD-stable 10-STABLE v46

Submitted by op on

UPDATE TO THIS RELEASE IS STRONGLY ADVISED!

This release fixes two locally exploitable security issue, namely the followings:
https://security.freebsd.org/advisories/FreeBSD-SA-16:19.sendmsg.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:18.atkbd.asc

Other news in this release:

Backported a lot of smaller coverity issues from FreeBSD.
Introduced fully enabled PIE, RELRO and BIND_NOW in the base system.

If you encounter build failures due the PIEified base system, you could empty the /usr/obj directory
and retry the build. For more details please consult the ${SRCTOP}/UPDATING-HardenedBSD
file.

https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

LibreSSL in HardenedBSD Base

Submitted by Shawn Webb on

A few months ago, we added Bernard Spil to the HardenedBSD team with a goal to bring in and maintain LibreSSL in base. Given the effort involved in maintaining such a complex piece of software, we at HardenedBSD have made the decision to keep it as a feature branch in the playground repo for now. Those who wish to check out Bernard's awesome, hard work can check out the repo here. We will soon start auto-syncing that feature branch on our normal six-hour cycle and we will produce periodic binary updates. As of today, the first binary update has been published. You can use this hbsd-update.conf file to tell hbsd-update to switch to the LibreSSL branch. If you wish to compile your own version of HardenedBSD with LibreSSL base, you will need to add WITH_LIBRESSL=yes to src.conf.

We would like to thank Bernard for volunteering. He has been a tremendous help. Here is a teaser screenshot.

New stable release: HardenedBSD-stable 10-STABLE v44.4

Submitted by op on

HardenedBSD-10-STABLE-v44.4 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a ntpd security update

More information will be in the FreeBSD's SA:
Security: CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550
Security: CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518
Security: CVE-2016-2519
Security: FreeBSD-SA-16:16.ntp

Pages

Subscribe to HardenedBSD RSS