FuguIta-4.4

  • Test Releases
    • 2008-11-01 - First ISO image as a test release.
      • Based on OpenBSD 4.4
      • No additional application softwares
  • 2008-11-18 - First Beta Version
    • FuguIta-4.4-200811181beta.iso
    • with additional applications softwares
    • but some bugs are in, maybe.
  • 2008-11-27 - Release Candidate
    • FuguIta-4.4-200811271rc.iso
  • FuguIta-4.4-200812111
    • patch 001 to 006 have been applied
    • We are supplying USB Boot Image FuguIta-4.4-200812111.usbimg.bz2
      To use this, uncompress and write it into your USB flash drive. On OpenBSD, that is such as /dev/rsd?c .
  • FuguIta-4.4-200812221
    • bsd.mp boots up by default
      For booting uniprocessor kernel, type bsd[ENTER] at boot> prompt.
    • ISO/USB boot sequence (/boottmp/rc) more enhanced.
  • FuguIta-4.4-200901121
    • patch 007 has been applied
    • Saving userdata to USB drive has been enhanced a little.
  • FuguIta-4.4-200901171
    • patch 008 applied
      named(8) did not correctly check the return value of a DSA verification function, potentially allowing bypass of verification of DNSSEC DSA signatures. CVE-2009-0025.
  • FuguIta-4.4-200902101
    • patch 009 applied
      Upon reception of an invalid update with 4-byte AS attributes, bgpd - adhering to the RFCs - closed the session to the neighbor. This error in the specification allowed 3rd parties to close remote BGP sessions. In the worst case Internet connectivity could be lost.
  • FuguIta-4.4-200903221
    • patch 010 applied
      bgpd(8) did not correctly prepend its own AS to very long AS paths, causing the process to terminate because of the resulting corrupt path.
    • patch 011 applied
      sudo(8) may allow a user listed in the sudoers file to run a command as a different user than their access rule specifies when a Unix group is used in the RunAs portion of the rule. The bug only manifests when the user being granted privileges is also a member of the group in the RunAs portion of the rule.
    • little enhancement in /boottmp/fdadm and /boottmp/usbfadm .
  • FuguIta-4.4-200904161
    • patch 013 applied
      When pf attempts to perform translation on a specially crafted IP datagram, a null pointer dereference will occur, resulting in a kernel panic. In certain configurations this may be triggered by a remote attacker.
    • patch 012 (OpenSSL) not applied yet.
  • FuguIta-4.4-200904171
    • patch 012 applied
      The OpenSSL ASN.1 handling code could be forced to perform invalid memory accesses though the use of certain invalid strings (CVE-2009-0590) or under certain error conditions triggerable by invalid ASN.1 structures (CVE-2009-0789).

Bug tracking system is at LiveCD/4.4/BTS.


Return to en/LiveCD


Reload  New Edit Freeze Diff Attach Copy Rename  Top Index Search Recent Backups  Help  RSS
Last-modified: 2009-04-18 (Sat) 01:08:28 (4000d)