# Recent vulnerabilities (libarchive, freebsd-update, etc.)



## geek (Aug 31, 2016)

Hello.

I think the community has been undesirably quiet and secretive about the recent known vulnerabilities, such as these:
https://lists.freebsd.org/pipermail/freebsd-announce/2016-August/001739.html

Are there still other known vulnerabilities currently?

I'm considering installing FreeBSD 11. Will the vulnerability be fixed by 11.0-RELEASE? What is affected by the vulnerability and what isn't? For example, are installing packages or building ports affected?


----------



## SporkVillain (Sep 2, 2016)

I haven't heard about the fix as of yet. Maybe someone who maintains that code will speak up. It would be cool if there was a dedicated security subforum on here. To my knowledge the community is fairly security-minded but there isn't a lot of forum talk on the subject.

I've been meaning to go through and fuzz some of the FreeBSD utilities, maybe even review some drivers for security flaws.


----------



## SirDice (Sep 6, 2016)

The forums are largely user driven to provide user support. There are very few developers here. This subject is probably best asked on the freebsd-security@ mailing list.


----------



## SporkVillain (Sep 6, 2016)

SirDice, I definitely respect the purpose of the Forums. It's great that there is such a focus on support as opposed to discussion. I still do think a place for people to discuss security outside the official mailing list would be very nice, as there is a lot of pressure (at least in my mind) to be formal and "on topic" on the official mailing list. Of course everyone wants a high quality of discussion everywhere, but I think it would be nice to have a place where someone could ask something like "What's the deal with ASLR on FreeBSD?" and have some discussion about it in a low pressure environment. I understand this forum might not be the place for it, but I think it's something some people would enjoy.


----------



## forquare (Sep 6, 2016)

SporkVillain said:


> SirDice I think it would be nice to have a place where someone could ask something like "What's the deal with ASLR on FreeBSD?" and have some discussion about it in a low pressure environment. I understand this forum might not be the place for it, but I think it's something some people would enjoy.



You might also like to visit some of the IRC channels, as this sounds like some of the stuff they may discuss from time to time - albeit in real time rather than postings.


----------

