Posted by gondim | Posted in FreeBSD, Security | Posted on 17-11-2012
On 11/11 an intrusion was found on 2 machines of the FreeBSD.org cluster. They were taken offline for analysis, and as a preventive measure other machines were also taken offline for investigation.
So far there is no confirmation of risk for us, the end users, but they advise us to read and keep following this link, which will be kept updated by the Sec Team. The full announcement follows:
On Sunday 11th of November, an intrusion was detected on two machines
within the FreeBSD.org cluster. The affected machines were taken
offline for analysis. Additionally, a large portion of the remaining
infrastructure machines were also taken offline as a precaution.

We have found no evidence of any modifications that would put any end
user at risk. However, we do urge all users to read the report
available at http://www.freebsd.org/news/2012-compromise.html and
decide on any required actions themselves. We will continue to
update that page as further information becomes known. We do not
currently believe users have been affected given current forensic
analysis, but we will provide updated information if this changes.

As a result of this event, a number of operational security changes
are being made at the FreeBSD Project, in order to further improve our
resilience to potential attacks. We plan, therefore, to more rapidly
deprecate a number of legacy services, such as cvsup distribution of
FreeBSD source, in favour of our more robust Subversion, freebsd-update,
and portsnap models.

More information is available at
http://www.freebsd.org/news/2012-compromise.html
Well folks, according to the announcement below, 31/07 is the end of the line for FreeBSD 8.1 and 8.2 as far as security is concerned. Anyone using one of these releases is advised to upgrade to at least version 8.3 and keep receiving security support. 🙂
Hello Everyone,

On July 31st 2012, FreeBSD 8.1 and FreeBSD 8.2 will reach their End of
Life and will no longer be supported by the FreeBSD Security Team.
Users of FreeBSD 8.1 and 8.2 are strongly encouraged to upgrade to one
of the newer releases before that date.

The current supported branches and expected EoL dates are:
+---------------------------------------------------------------------+
|  Branch   |  Release   |  Type  |  Release date   |  Estimated EoL  |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7   |n/a         |n/a     |n/a              |February 28, 2013|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7_4 |7.4-RELEASE |Extended|February 24, 2011|February 28, 2013|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_8   |n/a         |n/a     |n/a              |last release + 2y|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_8_1 |8.1-RELEASE |Extended|July 23, 2010    |July 31, 2012    |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_8_2 |8.2-RELEASE |Normal  |February 24, 2011|July 31, 2012    |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_8_3 |8.3-RELEASE |Extended|April 18, 2012   |April 30, 2014   |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_9   |n/a         |n/a     |n/a              |last release + 2y|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_9_0 |9.0-RELEASE |Normal  |January 10, 2012 |January 31, 2013 |
+---------------------------------------------------------------------+
— Simon L. B. Nielsen FreeBSD Security Officer
Posted by gondim | Posted in Tips, FreeBSD, Security | Posted on 09-05-2012
For those who were waiting for a fix for some recent vulnerabilities in PHP5, version 5.3.13 has been released. It can be updated using your preferred method, or in another practical way, which is the one I use, with portmaster.
To install portmaster:
# portsnap fetch update
# cd /usr/ports/ports-mgmt/portmaster/
# make install clean
To update PHP5 using portmaster:
# portmaster php5
That's all folks