New stable release: HardenedBSD-stable 10-STABLE v46.2

HardenedBSD-10-STABLE-v46.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

This is a security update, but by default none of the currently released FreeBSD SAs affect HardenedBSD, since we fixed the libarchive issue in v46.1 and the COMPAT layers are disabled by default.

https://security.freebsd.org/advisories/FreeBSD-SA-16:22.libarchive.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:21.43bsd.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:20.linux.asc

New stable release: HardenedBSD-stable 10-STABLE v46.1

HardenedBSD-10-STABLE-v46.1
----------------------------------------
https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
https://github.com/HardenedBSD/hardenedBSD-stable/commits/HardenedBSD-10...

This release fixes CVE-1541 and CVE-2015-2304 in libarchive, a lot of Coverity warnings / programming errors and an overflow in amd64's sysarch system call (00696f0, eac2aab, bd784f7).

New stable version: HardenedBSD-stable 11-CURRENT v46.2

HardenedBSD-11-CURRENT-v46.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

UPDATE TO THIS RELEASE IS STRONGLY ADVISED!

This release fixes two locally exploitable security issues, namely the following:
https://security.freebsd.org/advisories/FreeBSD-SA-16:19.sendmsg.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:18.atkbd.asc

New stable version: HardenedBSD-stable 10-STABLE v46

UPDATE TO THIS RELEASE IS STRONGLY ADVISED!

This release fixes two locally exploitable security issues, namely the following:
https://security.freebsd.org/advisories/FreeBSD-SA-16:19.sendmsg.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:18.atkbd.asc

Other news in this release:

Backported fixes for a lot of smaller Coverity issues from FreeBSD.
Introduced fully enabled PIE, RELRO and BIND_NOW in the base system.

If you encounter build failures due to the PIEified base system, you could empty the /usr/obj directory and retry the build. For more details please consult the ${SRCTOP}/UPDATING-HardenedBSD file.

https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

LibreSSL in HardenedBSD Base

A few months ago, we added Bernard Spil to the HardenedBSD team with a goal to bring in and maintain LibreSSL in base. Given the effort involved in maintaining such a complex piece of software, we at HardenedBSD have made the decision to keep it as a feature branch in the playground repo for now. Those who wish to check out Bernard's awesome, hard work can check out the repo here. We will soon start auto-syncing that feature branch on our normal six-hour cycle and we will produce periodic binary updates. As of today, the first binary update has been published. You can use this hbsd-update.conf file to tell hbsd-update to switch to the LibreSSL branch. If you wish to compile your own version of HardenedBSD with LibreSSL base, you will need to add WITH_LIBRESSL=yes to src.conf.

We would like to thank Bernard for volunteering. He has been a tremendous help. Here is a teaser screenshot.

New stable release: HardenedBSD-stable 10-STABLE v44.4

HardenedBSD-10-STABLE-v44.4 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is an ntpd security update

More information will be in FreeBSD's SA:
Security: CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550
Security: CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518
Security: CVE-2016-2519
Security: FreeBSD-SA-16:16.ntp
