TrueOS to Roll Out Trident 19.06

The Trident project was launched after the transformation of TrueOS into a separate modular OS
01 July 2019

The Trident 19.06 operating system has been released. Within Trident, the TrueOS project is developing a ready-to-use graphical end-user distribution based on FreeBSD technology, reminiscent of the old PC-BSD and TrueOS releases. The installation ISO image is 3 GB (AMD64).

The Trident project also develops the Lumina graphical environment and all the graphical tools previously available in PC-BSD, such as sysadm and AppCafe. The Trident project was formed after the transformation of TrueOS into a separate modular operating system that can be used as a platform for other projects. TrueOS is positioned as a "downstream" fork of FreeBSD that modifies the FreeBSD base system with support for technologies such as OpenRC and LibreSSL. The project follows a six-month release cycle, with updates published on a predictable, pre-planned schedule.

The new release brings a large update of the application versions in the repositories and of the base system components, which incorporate changes from the FreeBSD 13-CURRENT branch and the current ports tree. For example, chromium 75, firefox 67.0.4, iridium 2019.04.73, gpu-firmware-kmod g20190620, drm-current-kmod 4.16.g20190519 and virtualbox-ose 5.2.30 have been updated. Many of the default settings offered by TrueOS have been changed. A series of new "*-bootstrap" system packages has been added. The ZFS on Linux related packages have been renamed nozfs and openzfs. Because the changes affect the structure of the base system packages, run the command "sudo pkg install -fy sysup" before starting the update installation process.

Two Vulnerabilities to be Found at SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019

Six vulnerabilities have been disclosed in the SDL (Simple DirectMedia Layer) library set, which provides tools for hardware-accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations. Among them, two problems in the SDL2_image library allow remote code execution on the system. Applications that use SDL to load images are exposed to these attacks.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by a missing error handler and an integer overflow, which can be exploited by supplying a specially crafted PCX file. The issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining 4 vulnerabilities has not yet been disclosed.

The vulnerabilities were found by Talos, and more information is available on their website.
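
To illustrate the class of defect described above (unchecked header arithmetic and missing error handling when loading a PCX file), here is an added example of a defensive PCX header check; it is not SDL_image's code and does not reproduce the actual fix. The function names, the accepted depth/plane values and the 64 MiB size cap are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define PCX_HEADER_SIZE 128
#define PCX_MAX_DECODED (64u * 1024u * 1024u) /* assumed policy cap, not from SDL */
enum pcx_status { PCX_OK, PCX_TRUNCATED, PCX_BAD_FIELD, PCX_TOO_LARGE };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
/* 32-bit multiply that reports wraparound instead of silently truncating. */
static int mul_u32(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != 0 && b > UINT32_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Validate a PCX header and return the decoded pixel-buffer size in *size. */
enum pcx_status pcx_decoded_size(const uint8_t *buf, size_t len, uint32_t *size)
{
    if (len < PCX_HEADER_SIZE) return PCX_TRUNCATED;
    if (buf[0] != 0x0A || buf[2] != 1) return PCX_BAD_FIELD; /* magic, RLE flag */
    uint8_t bpp = buf[3], planes = buf[65];
    uint16_t xmin = le16(buf + 4), ymin = le16(buf + 6);
    uint16_t xmax = le16(buf + 8), ymax = le16(buf + 10);
    uint16_t bytes_per_line = le16(buf + 66);

    /* Assumed whitelist of depth/plane values; everything else is rejected. */
    if (bpp != 1 && bpp != 2 && bpp != 4 && bpp != 8) return PCX_BAD_FIELD;
    if (planes != 1 && planes != 3 && planes != 4) return PCX_BAD_FIELD;
    if (xmax < xmin || ymax < ymin) return PCX_BAD_FIELD;
    uint32_t width = (uint32_t)xmax - xmin + 1, height = (uint32_t)ymax - ymin + 1;
    /* A scanline must hold every pixel the header claims the row contains. */
    if (bytes_per_line < (width * bpp + 7) / 8) return PCX_BAD_FIELD;
    uint32_t row, total;
    if (!mul_u32(bytes_per_line, planes, &row)) return PCX_TOO_LARGE;
    if (!mul_u32(row, height, &total)) return PCX_TOO_LARGE;
    if (total > PCX_MAX_DECODED) return PCX_TOO_LARGE;
    *size = total;
    return PCX_OK;
}

int main(void)
{
    /* Constructed header: 1 bpp, 4 planes, 65536 rows of 0xFFFF bytes each. */
    uint8_t h[PCX_HEADER_SIZE] = {0x0A, 5, 1, 1};
    h[8] = h[9] = h[10] = h[11] = 0xFF; h[65] = 4; h[66] = h[67] = 0xFF;
    uint32_t size = 0;
    return pcx_decoded_size(h, sizeof h, &size) == PCX_TOO_LARGE ? 0 : 1;
}
```

The constructed header in `main` describes a buffer whose size does not fit in 32 bits, so the check returns an error before any allocation or decoding would take place.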