From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,MAILING_LIST_MULTI autolearn=ham autolearn_force=no
	version=3.4.4
Received: (qmail 9588 invoked from network); 15 Apr 2023 23:21:35 -0000
Received: from alyss.skarnet.org (95.142.172.232)
  by inbox.vuxu.org with ESMTPUTF8; 15 Apr 2023 23:21:35 -0000
Received: (qmail 3275 invoked by uid 89); 15 Apr 2023 23:21:56 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
Sender: <supervision@list.skarnet.org>
Precedence: bulk
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Id: <supervision.list.skarnet.org>
Received: (qmail 3268 invoked from network); 15 Apr 2023 23:21:55 -0000
X-SourceIP: 82.21.120.173
X-Authenticated-Sender: J.deBoynePollard-newsgroups@NTLWorld.COM
X-Spam: 0
X-Authority: v=2.4 cv=PtFVLSA3 c=1 sm=1 tr=0 ts=643b3178 cx=a_exe
 a=ZwFDrNcBZCEFJ5/d6y5G6w==:117 a=ZwFDrNcBZCEFJ5/d6y5G6w==:17
 a=IkcTkHD0fZMA:10 a=dKHAf1wccvYA:10 a=ijLaIaYNAAAA:8 a=gTyXsevu8z0LUhAVd_YA:9
 a=QEXdDO2ut3YA:10 a=-FEs8UIgK8oA:10 a=ZXulRonScM0A:10
 a=Wj31fvUbPlmk6VHogOmt:22
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ntlworld.com;
	s=meg.feb2017; t=1681600888;
	bh=OQR0AcNY8M5TFVj5RWKcexzQZyR1zQ2VLg2aI/Lz4ho=;
	h=To:From:Subject:Date;
	b=fxjmuvviSQgKNebPEcyh3ubTjnTA+lORfzrYWXMM6qPWjT4NffZLh42D+gZska5ro
	 kAIaBZy+eryqMRanSLjGvVXBnXPDvhIiRg9szaLabUDy9yT15+8D+tIaiI5pumhx5b
	 gx3SFwE4iTGRf79t6RwWFJBCnw0AsvMYru5QJ17Qo9A1k5h8so5vyT2uEAAbetKVRb
	 CQmRNfAjI9tEgEYLfRwKwDit+jlprdFuHLDH9QBhHnLkXYh34Sg5Jz8uYZB2ChsIdM
	 TRAb+rkLHigWxnl5EdYeFO9dHbcQFzXJxSX0vfehrgz/gkanwnjPlX+rtWjcZMyPIl
	 mwiOkdVXBcqpg==
To: Supervision <supervision@list.skarnet.org>
From: Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.COM>
Subject: Security announcement for old PC-BSD/TrueOS machines
Message-ID: <e1584d02-3bbc-32d8-0fc5-243c3d91f391@NTLWorld.COM>
Date: Sun, 16 Apr 2023 00:21:26 +0100
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4xfGp0KZLtqzI08sphgydve4gh46GjadFW76z/J6pic29GLdjlMWgzIJRwkepKeREDYXKpDy4I9jQaGWtT5u7rONzET3AU2qpNl2iSnM98UGp5hNzq+Vif
 39T9rqfNKFWMBSOT7hM1nloYWltK9ASoQwaECJFRLw6ohopqZWBuHZdxDMGRSU9dz2iqDfkUrEL4bDExWmWWymM0SwHkBSLY7KZ0ECL1EbkzXSYmeBqFByfq
 s4mW/oMSxJ5qoXPG5C87Sg==

A small security announcement for people who have old PC-BSD/TrueOS 
machines running, or that you might boot up and run:

* https://tty0.social/@JdeBP/110204963467594963

Details of the problem, of the service fix, and of local fixes that you 
can apply for both my service management system and the original one in 
PC-BSD/TrueOS, as well as pointers to other affected systems (for which 
you will have to work out what to do yourself), are in the announcement.

If you are one of the people on this mailing list that maintains service 
definitions of some kind, and PC-BSD/TrueOS is within your remit, please 
consider also disabling these services by default.