- Test Releases
- 2008-11-01 - First ISO image as a test release.
- Based on OpenBSD 4.4
- No additional application softwares
- 2008-11-18 - First Beta Version
- with additional applications softwares
- but some bugs are in, maybe.
- 2008-11-27 - Release Candidate
- patch 001 to 006 have been applied
- We are supplying USB Boot Image FuguIta-4.4-200812111.usbimg.bz2
To use this, uncompress and write it into your USB flash drive.
On OpenBSD, that is such as /dev/rsd?c .
- bsd.mp boots up by default
For booting uniprocessor kernel, type bsd[ENTER] at boot> prompt.
- ISO/USB boot sequence (/boottmp/rc) more enhanced.
- patch 007 has been applied
- Saving userdata to USB drive has been enhanced a little.
- patch 008 applied
named(8) did not correctly check the return value of a DSA verification function, potentially allowing bypass of verification of DNSSEC DSA signatures. CVE-2009-0025.
- patch 009 applied
Upon reception of an invalid update with 4-byte AS attributes, bgpd - adhering to the RFCs - closed the session to the neighbor. This error in the specification allowed 3rd parties to close remote BGP sessions. In the worst case Internet connectivity could be lost.
- patch 010 applied
bgpd(8) did not correctly prepend its own AS to very long AS paths, causing the process to terminate because of the resulting corrupt path.
- patch 011 applied
sudo(8) may allow a user listed in the sudoers file to run a command as a different user than their access rule specifies when a Unix group is used in the RunAs portion of the rule. The bug only manifests when the user being granted privileges is also a member of the group in the RunAs portion of the rule.
- little enhancement in /boottmp/fdadm and /boottmp/usbfadm .
- patch 013 applied
When pf attempts to perform translation on a specially crafted IP datagram, a null pointer dereference will occur, resulting in a kernel panic. In certain configurations this may be triggered by a remote attacker.
- patch 012 (OpenSSL) not applied yet.
- patch 012 applied
The OpenSSL ASN.1 handling code could be forced to perform invalid memory accesses though the use of certain invalid strings (CVE-2009-0590) or under certain error conditions triggerable by invalid ASN.1 structures (CVE-2009-0789).
Bug tracking system is at LiveCD/4.4/BTS.
Return to en/LiveCD