Security Issues with NetBSD

NetBSD has just recently disclosed a list of serveral security issues. I have compiled the list w\ workarounds and made them available in the message attachment. Just trying to give a heads up.

All information via Security Mailing

Sec Issues:

Buffer overrun in libc/libresolv DNS resolver
Buffer overrun in setlocale
Bug in NFS server code allows remote denial of service
Repeated TIOCSCTTY ioctl can corrupt session hold counts
Multiple security isses with kfd daemon
Sun RPC XDR decoder contains buffer overflow
Symlink race in pppd
Multiple vulnerabilities in OpenSSL code


This was useful to me, as I have an older NetBSD 1.5 box. There are some 1.6 problems too.

Just wondering, how many here have/run one or more netbsd boxes (besides digitalgadfly! :)

(I don't... I use OpenBSD...)

Ammo

I actually prefer netbsd and other bsd variants to other O/S distro's... it's quite stable.. and honestly considering netbsd went under and was purchased... time between patches has increased dramatically.

if you were to wait as long as was spent before the release of this bug information with any other O/S whether M$ or linux driven you would probably have a list similar or even longer.

Just my opinion, unfortunately since NetBSD as a full on entity is no more, I have moved to Free and Open BSD.... sadly.....

I regularly use Slackware 8.1 and FreeBSD 4.6. My friends and I run an NetBSD personal server and I must agree that NetBSD has gone downhill over time. I am not worried because there are enough free *nix OS out there to keep me happy. ;)