Nov
19

FreeBSD Security Incident

As many of you are now aware, part of the FreeBSD build infrastructure was compromised recently. Many people have been contacting us asking how this relates to PC-BSD users. We currently locally compile and distribute all of our own packages, and at this time it looks like nothing on the PC-BSD side was impacted.

However if you are a power-user and have been manually using pkg_add to install packages from the FreeBSD package cluster, you may wish to remove these packages and rebuild from source. For more details regarding the security compromise, please take a look at the official FreeBSD page.

Share This Post:
  • Digg
  • Facebook
  • Twitter
  • email
  • LinkedIn
  • Slashdot

Written by dru. Posted in security update

Trackback from your site.

Comments (5)

  • sg1efc
    November 19, 2012 at 10:23 am |

    Thanks a lot Dru, Kris and everyone else. :)

    Reply
  • ZmajSnoshaj
    December 27, 2012 at 9:12 pm |

    Now why would they tell Power-Users to rebuild from source if “nothing was impacted”. I smell a lie.

    Reply
    • Edge
      December 27, 2012 at 10:50 pm |

      RE: “Now why would they tell Power-Users to rebuild from source if “nothing was impacted”. I smell a lie.”

      ^—-I smell a noob—-^

      Reread SLOWWWLYYYY, novice…sheesh:
      “However if you are a power-user and have been manually using pkg_add to install packages from the FreeBSD package cluster,”

      Reply
    • dru
      December 31, 2012 at 5:53 am |

      It’s actually over-cautiousness. While the forensic analysis didn’t find any packages that were modified, this disclaimer was included for those in a security environment that warrants erring on the side of caution.

      Reply
  • ZmajSnoshaj
    December 28, 2012 at 9:50 am |

    *nods*
    I bet you could smell a bit an exabyte away. Of course you smell me, I’m downloading every package on the cluster.

    Reply

Leave a comment

CAPTCHA Image
*

Please leave these two fields as-is:

Help the Project, Donate Today!