#
279264 |
|
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so
|
#
277808 |
|
27-Jan-2015 |
delphij |
Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability and SCTP stream reset vulnerability.
Security: FreeBSD-SA-15:02.kmem Security: CVE-2014-8612 Security: FreeBSD-SA-15:03.sctp Security: CVE-2014-8613 Approved by: so
|
#
277195 |
|
14-Jan-2015 |
delphij |
Fix multiple vulnerabilities in OpenSSL. [SA-15:01]
Approved by: so
|
#
276158 |
|
23-Dec-2014 |
des |
[SA-14:31] Fix multiple vulnerabilities in NTP suite. [EN-14:13] Fix directory deletion issue in freebsd-update.
Approved by: so
|
#
275854 |
|
17-Dec-2014 |
delphij |
Fix unbound remote denial of service vulnerability.
Security: FreeBSD-SA-14:30.unbound Security: CVE-2014-8602 Approved by: so
|
#
275671 |
|
10-Dec-2014 |
delphij |
Fix multiple vulnerabilities in file(1) and libmagic(3).
Security: FreeBSD-SA-14:28.file Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117 Approved by: so
|
#
274110 |
|
04-Nov-2014 |
des |
[SA-14:24] Fix denial of service attack against sshd(8). [SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2). [SA-14:26] Fix remote command execution in ftp(1). [EN-14:12] Fix NFSv4 and ZFS cache consistency issue.
Approved by: so (des)
|
#
273439 |
|
21-Oct-2014 |
delphij |
Time zone data file update. [EN-14:10]
Approved by: so
|
#
273415 |
|
21-Oct-2014 |
delphij |
Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]
Fix routed(8) remote denial of service vulnerability. [SA-14:21]
Fix memory leak in sandboxed namei lookup. [SA-14:22]
Fix OpenSSL multiple vulnerabilities. [SA-14:23]
Approved by: so
|
#
271669 |
|
16-Sep-2014 |
delphij |
Fix Denial of Service in TCP packet processing.
Security: FreeBSD-SA-14:19.tcp Approved by: so
|
#
271304 |
|
09-Sep-2014 |
delphij |
Fix multiple OpenSSL vulnerabilities:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. [CVE-2014-3510]
If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. [CVE-2014-3509]
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. [CVE-2014-3511]
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. [CVE-2014-3512]
A malicious server can crash the client with a NULL pointer dereference by specifying a SRP ciphersuite even though it was not properly negotiated with the client. [CVE-2014-5139]
Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139 Security: FreeBSD-SA-14:18.openssl Approved by: so
|
#
268434 |
|
08-Jul-2014 |
delphij |
Fix kernel memory disclosure in control message and SCTP notifications.
Security: FreeBSD-SA-14:17.kmem Security: CVE-2014-3952, CVE-2014-3953 Approved by: so
|
#
267829 |
|
24-Jun-2014 |
delphij |
Fix iconv(3) NULL pointer dereference and out-of-bounds array access. [SA-14:15]
Fix multiple vulnerabilities in file(1) and libmagic(3). [SA-14:16]
Worked around bug with PCID implementation. [EN-14:07]
Security: CVE-2014-3951 Security: FreeBSD-SA-14:15.iconv Security: CVE-2013-7345, CVE-2014-1943, CVE-2014-2270 Security: FreeBSD-SA-14:16.file Approved by: so
|
#
267104 |
|
05-Jun-2014 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 Security: SA-14:14.openssl Approved by: so
|
#
267017 |
|
03-Jun-2014 |
delphij |
Fix sendmail improper close-on-exec flag handling. [SA-14:11]
Fix incorrect error handling in PAM policy parser. [SA-14:13]
Fix triple-fault when executing from a threaded process. [EN-14:06]
Approved by: so
|
#
265987 |
|
13-May-2014 |
delphij |
Fix OpenSSL NULL pointer deference vulnerability. [SA-14:09]
Security: FreeBSD-SA-14:09.openssl Security: CVE-2014-0198
Fix data corruption with ciss(4). [EN-14:05]
Errata: FreeBSD-EN-14:05.ciss
Approved by: so
|
#
265124 |
|
30-Apr-2014 |
delphij |
Fix devfs rules not applied by default for jails.
Fix OpenSSL use-after-free vulnerability.
Fix TCP reassembly vulnerability.
Security: FreeBSD-SA-14:07.devfs Security: CVE-2014-3001 Security: FreeBSD-SA-14:08.tcp Security: CVE-2014-3000 Security: FreeBSD-SA-14:09.openssl Security: CVE-2010-5298 Approved by: so
|
#
264267 |
|
08-Apr-2014 |
delphij |
Fix NFS deadlock vulnerability. [SA-14:05]
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06]
Approved by: so
|
#
259758 |
|
22-Dec-2013 |
hrs |
MFS r249447: Apply patch from upstream Heimdal for encoding fix
RFC 4402 specifies the implementation of the gss_pseudo_random() function for the krb5 mechanism (and the C bindings therein). The implementation uses a PRF+ function that concatenates the output of individual krb5 pseudo-random operations produced with a counter and seed. The original implementation of this function in Heimdal incorrectly encoded the counter as a little-endian integer, but the RFC specifies the counter encoding as big-endian. The implementation initializes the counter to zero, so the first block of output (16 octets, for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 specifies that the counter should begin at 1, but both existing implementations begin with zero and it looks like the standard will be re-issued, with test vectors, to begin at zero.)
This is upstream's commit f85652af868e64811f2b32b815d4198e7f9017f6, from 13 October, 2013: % Fix krb5's gss_pseudo_random() (n is big-endian) % % The first enctype RFC3961 prf output length's bytes are correct because % the little- and big-endian representations of unsigned zero are the % same. The second block of output was wrong because the counter was not % being encoded as big-endian. % % This change could break applications. But those applications would not % have been interoperating with other implementations anyways (in % particular: MIT's).
Approved by: re (gjb)
|
#
259128 |
|
09-Dec-2013 |
gjb |
Remove svn:mergeinfo from the releng/10.0 branch.
After branch creation from stable/10, the stable/10 branch mergeinfo was moved to the root of the branch.
Since there have not been any merges from stable/10 to releng/10.0 yet, we do not need to track any of the existing mergeinfo here.
Merges to releng/10.0 should now be done to the root of the branch.
For future branches during the release cycle, unless otherwise noted, this change will be done as part of the stable/ and releng/ branch creation.
Discussed with: peter Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
279264 |
|
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so
|
#
277808 |
|
27-Jan-2015 |
delphij |
Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability and SCTP stream reset vulnerability.
Security: FreeBSD-SA-15:02.kmem Security: CVE-2014-8612 Security: FreeBSD-SA-15:03.sctp Security: CVE-2014-8613 Approved by: so
|
#
277195 |
|
14-Jan-2015 |
delphij |
Fix multiple vulnerabilities in OpenSSL. [SA-15:01]
Approved by: so
|
#
276158 |
|
23-Dec-2014 |
des |
[SA-14:31] Fix multiple vulnerabilities in NTP suite. [EN-14:13] Fix directory deletion issue in freebsd-update.
Approved by: so
|
#
275854 |
|
17-Dec-2014 |
delphij |
Fix unbound remote denial of service vulnerability.
Security: FreeBSD-SA-14:30.unbound Security: CVE-2014-8602 Approved by: so
|
#
275671 |
|
10-Dec-2014 |
delphij |
Fix multiple vulnerabilities in file(1) and libmagic(3).
Security: FreeBSD-SA-14:28.file Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117 Approved by: so
|
#
274110 |
|
04-Nov-2014 |
des |
[SA-14:24] Fix denial of service attack against sshd(8). [SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2). [SA-14:26] Fix remote command execution in ftp(1). [EN-14:12] Fix NFSv4 and ZFS cache consistency issue.
Approved by: so (des)
|
#
273439 |
|
21-Oct-2014 |
delphij |
Time zone data file update. [EN-14:10]
Approved by: so
|
#
273415 |
|
21-Oct-2014 |
delphij |
Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]
Fix routed(8) remote denial of service vulnerability. [SA-14:21]
Fix memory leak in sandboxed namei lookup. [SA-14:22]
Fix OpenSSL multiple vulnerabilities. [SA-14:23]
Approved by: so
|
#
271669 |
|
16-Sep-2014 |
delphij |
Fix Denial of Service in TCP packet processing.
Security: FreeBSD-SA-14:19.tcp Approved by: so
|
#
271304 |
|
09-Sep-2014 |
delphij |
Fix multiple OpenSSL vulnerabilities:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. [CVE-2014-3510]
If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. [CVE-2014-3509]
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. [CVE-2014-3511]
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. [CVE-2014-3512]
A malicious server can crash the client with a NULL pointer dereference by specifying a SRP ciphersuite even though it was not properly negotiated with the client. [CVE-2014-5139]
Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139 Security: FreeBSD-SA-14:18.openssl Approved by: so
|
#
268434 |
|
08-Jul-2014 |
delphij |
Fix kernel memory disclosure in control message and SCTP notifications.
Security: FreeBSD-SA-14:17.kmem Security: CVE-2014-3952, CVE-2014-3953 Approved by: so
|
#
267829 |
|
24-Jun-2014 |
delphij |
Fix iconv(3) NULL pointer dereference and out-of-bounds array access. [SA-14:15]
Fix multiple vulnerabilities in file(1) and libmagic(3). [SA-14:16]
Worked around bug with PCID implementation. [EN-14:07]
Security: CVE-2014-3951 Security: FreeBSD-SA-14:15.iconv Security: CVE-2013-7345, CVE-2014-1943, CVE-2014-2270 Security: FreeBSD-SA-14:16.file Approved by: so
|
#
267104 |
|
05-Jun-2014 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 Security: SA-14:14.openssl Approved by: so
|
#
267017 |
|
03-Jun-2014 |
delphij |
Fix sendmail improper close-on-exec flag handling. [SA-14:11]
Fix incorrect error handling in PAM policy parser. [SA-14:13]
Fix triple-fault when executing from a threaded process. [EN-14:06]
Approved by: so
|
#
265987 |
|
13-May-2014 |
delphij |
Fix OpenSSL NULL pointer deference vulnerability. [SA-14:09]
Security: FreeBSD-SA-14:09.openssl Security: CVE-2014-0198
Fix data corruption with ciss(4). [EN-14:05]
Errata: FreeBSD-EN-14:05.ciss
Approved by: so
|
#
265124 |
|
30-Apr-2014 |
delphij |
Fix devfs rules not applied by default for jails.
Fix OpenSSL use-after-free vulnerability.
Fix TCP reassembly vulnerability.
Security: FreeBSD-SA-14:07.devfs Security: CVE-2014-3001 Security: FreeBSD-SA-14:08.tcp Security: CVE-2014-3000 Security: FreeBSD-SA-14:09.openssl Security: CVE-2010-5298 Approved by: so
|
#
264267 |
|
08-Apr-2014 |
delphij |
Fix NFS deadlock vulnerability. [SA-14:05]
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06]
Approved by: so
|
#
259758 |
|
22-Dec-2013 |
hrs |
MFS r249447: Apply patch from upstream Heimdal for encoding fix
RFC 4402 specifies the implementation of the gss_pseudo_random() function for the krb5 mechanism (and the C bindings therein). The implementation uses a PRF+ function that concatenates the output of individual krb5 pseudo-random operations produced with a counter and seed. The original implementation of this function in Heimdal incorrectly encoded the counter as a little-endian integer, but the RFC specifies the counter encoding as big-endian. The implementation initializes the counter to zero, so the first block of output (16 octets, for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 specifies that the counter should begin at 1, but both existing implementations begin with zero and it looks like the standard will be re-issued, with test vectors, to begin at zero.)
This is upstream's commit f85652af868e64811f2b32b815d4198e7f9017f6, from 13 October, 2013: % Fix krb5's gss_pseudo_random() (n is big-endian) % % The first enctype RFC3961 prf output length's bytes are correct because % the little- and big-endian representations of unsigned zero are the % same. The second block of output was wrong because the counter was not % being encoded as big-endian. % % This change could break applications. But those applications would not % have been interoperating with other implementations anyways (in % particular: MIT's).
Approved by: re (gjb)
|
#
259128 |
|
09-Dec-2013 |
gjb |
Remove svn:mergeinfo from the releng/10.0 branch.
After branch creation from stable/10, the stable/10 branch mergeinfo was moved to the root of the branch.
Since there have not been any merges from stable/10 to releng/10.0 yet, we do not need to track any of the existing mergeinfo here.
Merges to releng/10.0 should now be done to the root of the branch.
For future branches during the release cycle, unless otherwise noted, this change will be done as part of the stable/ and releng/ branch creation.
Discussed with: peter Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|