#
310419 |
|
22-Dec-2016 |
delphij |
Fix multiple vulnerabilities of ntp.
Approved by: so
|
#
309696 |
|
07-Dec-2016 |
glebius |
Merge r309688: address regressions in SA-16:37.libc.
PR: 215105 Submitted by: <jtd2004a sbcglobal.net> Approved by: so
|
#
309636 |
|
06-Dec-2016 |
glebius |
Fix possible login(1) argument injection in telnetd(8). [SA-16:36] Fix link_ntoa(3) buffer overflow in libc. [SA-16:37] Fix possible escape from bhyve(8) virtual machine. [SA-16:38] Fix warnings about valid time zone abbreviations. [EN-16:19] Update timezone database information. [EN-16:20]
Security: FreeBSD-SA-16:36.telnetd Security: FreeBSD-SA-16:37.libc Security: FreeBSD-SA-16:38.bhyve Errata Notice: FreeBSD-EN-16:19.tzcode Errata Notice: FreeBSD-EN-16:20.tzdata Approved by: so
|
#
308204 |
|
02-Nov-2016 |
delphij |
Fix OpenSSL remote DoS vulnerability. [SA-16:35]
Security: FreeBSD-SA-16:35.openssl Approved by: so
|
#
307932 |
|
25-Oct-2016 |
glebius |
Revised SA-16:15. The initial patch didn't cover all possible overflows based on passing incorrect parameters to sysarch(2).
Security: SA-16:15 Approved by: so
|
#
306941 |
|
10-Oct-2016 |
delphij |
Fix bspatch heap overflow vulnerability. [SA-16:29]
Fix multiple portsnap vulnerabilities. [SA-16:30]
Fix multiple libarchive vulnerabilities. [SA-16:31]
Approved by: so
|
#
306336 |
|
26-Sep-2016 |
delphij |
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim PR: 212921 Approved by: so
|
#
306230 |
|
23-Sep-2016 |
delphij |
Fix multiple OpenSSL vulnerabilitites.
Approved by: so Security: FreeBSD-SA-16:26.openssl
|
#
303304 |
|
25-Jul-2016 |
delphij |
Fix bspatch heap overflow vulnerability. [SA-16:25]
Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09]
Approved by: so
|
#
301301 |
|
04-Jun-2016 |
delphij |
Fix multiple ntp vulnerabilities.
Security: FreeBSD-SA-16:24.ntp Approved by: so
|
#
301050 |
|
31-May-2016 |
glebius |
Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20] Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]
Security: SA-16:20 Security: SA-16:21 Approved by: so
|
#
300085 |
|
17-May-2016 |
glebius |
- Use unsigned version of min() when handling arguments of SETFKEY ioctl. - Validate that user supplied control message length in sendmsg(2) is not negative.
Security: SA-16:18 Security: CVE-2016-1886 Security: SA-16:19 Security: CVE-2016-1887 Submitted by: C Turt <cturt hardenedbsd.org> Approved by: so
|
#
299068 |
|
04-May-2016 |
delphij |
Fix multiple OpenSSL vulnerabilitites. [SA-16:17]
Fix memory leak in ZFS. [EN-16:08]
Approved by: so
|
#
298770 |
|
29-Apr-2016 |
delphij |
Fix ntp multiple vulnerabilities.
Approved by: so
|
#
296954 |
|
16-Mar-2016 |
glebius |
o Fix OpenSSH xauth(1) command injection. [SA-16:14] o Fix incorrect argument validation in sysarch(2). [SA-16:15] o Fix Hyper-V KVP (Key-Value Pair) daemon indefinite sleep. [EN-16:04]
Errata: FreeBSD-EN-16:04.hyperv Security: FreeBSD-SA-16:14.openssh-xauth, CVE-2016-3115 Security: FreeBSD-SA-16:15.sysarch, CVE-2016-1885 Approved by: so
|
#
296341 |
|
03-Mar-2016 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-16:12.openssl Approved by: so
|
#
295061 |
|
30-Jan-2016 |
delphij |
Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability.
Security: CVE-2015-3197 Security: FreeBSD-SA-16:11.openssl Approved by: so
|
#
294904 |
|
27-Jan-2016 |
delphij |
Fix multiple vulnerabilities of ntp. [SA-16:09]
Fix Linux compatibility layer issetugid(2) system call vulnerability. [SA-16:10]
Security: FreeBSD-SA-16:09.ntp Security: FreeBSD-SA-16:10.linux Approved by: so
|
#
294051 |
|
14-Jan-2016 |
glebius |
Fix OpenSSH client information leak.
Security: SA-16:07.openssh Security: CVE-2016-0777 Approved by: so
|
#
293894 |
|
14-Jan-2016 |
glebius |
o Fix invalid TCP checksums with pf(4). [EN-16:02.pf] o Fix YP/NIS client library critical bug. [EN-16:03.yplib] o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp] o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp] o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux] o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux] o Fix TCP MD5 signature denial of service. [SA-16:05.tcp] o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]
Errata: FreeBSD-EN-16:02.pf Errata: FreeBSD-EN-16:03.yplib Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879 Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300 Security: FreeBSD-SA-16:03.linux, CVE-2016-1880 Security: FreeBSD-SA-16:04.linux, CVE-2016-1881 Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882 Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677 Approved by: so
|
#
291854 |
|
05-Dec-2015 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:26.openssl Approved by: so
|
#
290362 |
|
04-Nov-2015 |
glebius |
o Fix regressions related to SA-15:25 upgrade of NTP. [1] o Fix kqueue write events never fired for files greater 2GB. [2] o Fix kpplications exiting due to segmentation violation on a correct memory address. [3]
PR: 204046 [1] PR: 204203 [1] Errata Notice: FreeBSD-EN-15:19.kqueue [2] Errata Notice: FreeBSD-EN-15:20.vm [3] Approved by: so
|
#
290000 |
|
26-Oct-2015 |
glebius |
Upgrade NTP to 4.2.8p4.
Security: FreeBSD-SA-15:25.ntp Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Approved by: so
|
#
288512 |
|
02-Oct-2015 |
delphij |
Fix a regression with SA-15:24 patch that prevented NIS from working.
Approved by: so
|
#
288385 |
|
29-Sep-2015 |
delphij |
The Sun RPC framework uses a netbuf structure to represent the transport specific form of a universal transport address. The structure is expected to be opaque to consumers. In the current implementation, the structure contains a pointer to a buffer that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind Security: CVE-2015-7236 Approved by: so
|
#
287873 |
|
16-Sep-2015 |
delphij |
Implement pubkey support for pkg(7) bootstrap. [EN-15:18]
Approved by: so
|
#
287146 |
|
25-Aug-2015 |
delphij |
Fix local privilege escalation in IRET handler. [SA-15:21]
Fix OpenSSH multiple vulnerabilities. [SA-15:22]
Disabled ixgbe(4) flow-director support. [EN-15:14]
Fix insufficient check of unsupported pkg(7) signature methods. [EN-15:15]
Approved by: so
|
#
286905 |
|
18-Aug-2015 |
delphij |
Fix patchlevel in UPDATING.
Spotted by: pluknet Approved by: so
|
#
286902 |
|
18-Aug-2015 |
delphij |
Fix multiple integer overflows in expat.
Security: CVE-2015-1283 Security: FreeBSD-SA-15:20.expat Approved by: so
|
#
286351 |
|
05-Aug-2015 |
delphij |
Fix patch(1) shell injection vulnerability via ed(1). [SA-15:18]
Fix routed remote denial of service vulnerability. [SA-15:19]
Approved by: so
|
#
285979 |
|
28-Jul-2015 |
delphij |
Fix patch(1) shell injection vulnerability. [SA-15:14]
Fix resource exhaustion in TCP reassembly. [SA-15:15]
Fix OpenSSH multiple vulnerabilities. [SA-15:16]
Approved by: so
|
#
285780 |
|
21-Jul-2015 |
delphij |
Fix resource exhaustion due to sessions stuck in LAST_ACK state.
Security: CVE-2015-5358 Security: SA-15:13.tcp Submitted by: Jonathan Looney (Juniper SIRT) Approved by: so
|
#
284985 |
|
30-Jun-2015 |
delphij |
[EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.
[EN-15:09] Fix inconsistency between locale and rune locale states.
[EN-15:10] Improved iconv(3) UTF-7 support.
Approved by: so
|
#
284536 |
|
18-Jun-2015 |
delphij |
Raise the default for sendmail client connections to 1024-bit DH parameters to imporve TLS/DH interoperability with newer SSL/TLS suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD- SA-15:10.openssl).
This is MFC of r284436 (gshapiro), the original commit message was:
=== The import of openssl to address the FreeBSD-SA-15:10.openssl security advisory includes a change which rejects handshakes with DH parameters below 768 bits. sendmail releases prior to 8.15.2 (not yet released), defaulted to a 512 bit DH parameter setting for client connections. This commit chages that default to 1024 bits. sendmail 8.15.2, when released well use a default of 2048 bits. ===
Reported by: Frank Seltzer Errata Notice: FreeBSD-EN-15:08.sendmail Approved by: so
|
#
284295 |
|
12-Jun-2015 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:10.openssl Approved by: so
|
#
284230 |
|
10-Jun-2015 |
delphij |
src/UPDATING in releng/10.1 should reflect the right patchlevel.
Reported by: madpilot Pointy hat to: delphij Approved by: so
|
#
284193 |
|
09-Jun-2015 |
delphij |
Update base system file(1) to 5.22 to address multiple denial of service issues. [EN-15:06]
Improve reliability of ZFS when TRIM/UNMAP and/or L2ARC is used. [EN-15:07]
Approved by: so
|
#
282873 |
|
13-May-2015 |
delphij |
Fix bug with freebsd-update(8) that does not ensure the previous upgrade was completed. [EN-15:04]
Fix deadlock on reboot with UFS tuned with SU+J. [EN-15:05]
Approved by: so
|
#
281232 |
|
07-Apr-2015 |
delphij |
Improve patch for SA-15:04.igmp to solve a potential buffer overflow.
Fix multiple vulnerabilities of ntp. [SA-15:07]
Fix bsdinstall(8) insecure default GELI keyfile permissions. [SA-15:08]
Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]
Approved by: so
|
#
280275 |
|
20-Mar-2015 |
delphij |
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change per suggested by OpenBSD and OpenSSL developers. The change was removed from the formal OpenSSL release and does not solve security issue. - Properly fix CVE-2015-0209 and CVE-2015-0288.
Approved by: so
|
#
280267 |
|
19-Mar-2015 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-15:06.openssl Security: CVE-2015-0209 Security: CVE-2015-0286 Security: CVE-2015-0287 Security: CVE-2015-0288 Security: CVE-2015-0289 Security: CVE-2015-0293 Approved by: so
|
#
279264 |
|
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so
|
#
277808 |
|
27-Jan-2015 |
delphij |
Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability and SCTP stream reset vulnerability.
Security: FreeBSD-SA-15:02.kmem Security: CVE-2014-8612 Security: FreeBSD-SA-15:03.sctp Security: CVE-2014-8613 Approved by: so
|
#
277195 |
|
14-Jan-2015 |
delphij |
Fix multiple vulnerabilities in OpenSSL. [SA-15:01]
Approved by: so
|
#
276159 |
|
23-Dec-2014 |
des |
[SA-14:31] Fix multiple vulnerabilities in NTP suite. [EN-14:13] Fix directory deletion issue in freebsd-update.
Approved by: so
|
#
275854 |
|
17-Dec-2014 |
delphij |
Fix unbound remote denial of service vulnerability.
Security: FreeBSD-SA-14:30.unbound Security: CVE-2014-8602 Approved by: so
|
#
275670 |
|
10-Dec-2014 |
delphij |
Fix buffer overflow in stdio.
Security: FreeBSD-SA-14:27.stdio Security: CVE-2014-8611
Fix multiple vulnerabilities in file(1) and libmagic(3).
Security: FreeBSD-SA-14:28.file Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
Approved by: so
|
#
288512 |
|
02-Oct-2015 |
delphij |
Fix a regression with SA-15:24 patch that prevented NIS from working.
Approved by: so
|
#
288385 |
|
29-Sep-2015 |
delphij |
The Sun RPC framework uses a netbuf structure to represent the transport specific form of a universal transport address. The structure is expected to be opaque to consumers. In the current implementation, the structure contains a pointer to a buffer that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind Security: CVE-2015-7236 Approved by: so
|
#
287873 |
|
16-Sep-2015 |
delphij |
Implement pubkey support for pkg(7) bootstrap. [EN-15:18]
Approved by: so
|
#
287146 |
|
25-Aug-2015 |
delphij |
Fix local privilege escalation in IRET handler. [SA-15:21]
Fix OpenSSH multiple vulnerabilities. [SA-15:22]
Disabled ixgbe(4) flow-director support. [EN-15:14]
Fix insufficient check of unsupported pkg(7) signature methods. [EN-15:15]
Approved by: so
|
#
286905 |
|
18-Aug-2015 |
delphij |
Fix patchlevel in UPDATING.
Spotted by: pluknet Approved by: so
|
#
286902 |
|
18-Aug-2015 |
delphij |
Fix multiple integer overflows in expat.
Security: CVE-2015-1283 Security: FreeBSD-SA-15:20.expat Approved by: so
|
#
286351 |
|
05-Aug-2015 |
delphij |
Fix patch(1) shell injection vulnerability via ed(1). [SA-15:18]
Fix routed remote denial of service vulnerability. [SA-15:19]
Approved by: so
|
#
285979 |
|
28-Jul-2015 |
delphij |
Fix patch(1) shell injection vulnerability. [SA-15:14]
Fix resource exhaustion in TCP reassembly. [SA-15:15]
Fix OpenSSH multiple vulnerabilities. [SA-15:16]
Approved by: so
|
#
285780 |
|
21-Jul-2015 |
delphij |
Fix resource exhaustion due to sessions stuck in LAST_ACK state.
Security: CVE-2015-5358 Security: SA-15:13.tcp Submitted by: Jonathan Looney (Juniper SIRT) Approved by: so
|
#
284985 |
|
30-Jun-2015 |
delphij |
[EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.
[EN-15:09] Fix inconsistency between locale and rune locale states.
[EN-15:10] Improved iconv(3) UTF-7 support.
Approved by: so
|
#
284536 |
|
18-Jun-2015 |
delphij |
Raise the default for sendmail client connections to 1024-bit DH parameters to imporve TLS/DH interoperability with newer SSL/TLS suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD- SA-15:10.openssl).
This is MFC of r284436 (gshapiro), the original commit message was:
=== The import of openssl to address the FreeBSD-SA-15:10.openssl security advisory includes a change which rejects handshakes with DH parameters below 768 bits. sendmail releases prior to 8.15.2 (not yet released), defaulted to a 512 bit DH parameter setting for client connections. This commit chages that default to 1024 bits. sendmail 8.15.2, when released well use a default of 2048 bits. ===
Reported by: Frank Seltzer Errata Notice: FreeBSD-EN-15:08.sendmail Approved by: so
|
#
284295 |
|
12-Jun-2015 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:10.openssl Approved by: so
|
#
284230 |
|
10-Jun-2015 |
delphij |
src/UPDATING in releng/10.1 should reflect the right patchlevel.
Reported by: madpilot Pointy hat to: delphij Approved by: so
|
#
284193 |
|
09-Jun-2015 |
delphij |
Update base system file(1) to 5.22 to address multiple denial of service issues. [EN-15:06]
Improve reliability of ZFS when TRIM/UNMAP and/or L2ARC is used. [EN-15:07]
Approved by: so
|
#
282873 |
|
13-May-2015 |
delphij |
Fix bug with freebsd-update(8) that does not ensure the previous upgrade was completed. [EN-15:04]
Fix deadlock on reboot with UFS tuned with SU+J. [EN-15:05]
Approved by: so
|
#
281232 |
|
07-Apr-2015 |
delphij |
Improve patch for SA-15:04.igmp to solve a potential buffer overflow.
Fix multiple vulnerabilities of ntp. [SA-15:07]
Fix bsdinstall(8) insecure default GELI keyfile permissions. [SA-15:08]
Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]
Approved by: so
|
#
280275 |
|
20-Mar-2015 |
delphij |
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change per suggested by OpenBSD and OpenSSL developers. The change was removed from the formal OpenSSL release and does not solve security issue. - Properly fix CVE-2015-0209 and CVE-2015-0288.
Approved by: so
|
#
280267 |
|
19-Mar-2015 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-15:06.openssl Security: CVE-2015-0209 Security: CVE-2015-0286 Security: CVE-2015-0287 Security: CVE-2015-0288 Security: CVE-2015-0289 Security: CVE-2015-0293 Approved by: so
|
#
279264 |
|
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so
|
#
277808 |
|
27-Jan-2015 |
delphij |
Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability and SCTP stream reset vulnerability.
Security: FreeBSD-SA-15:02.kmem Security: CVE-2014-8612 Security: FreeBSD-SA-15:03.sctp Security: CVE-2014-8613 Approved by: so
|
#
277195 |
|
14-Jan-2015 |
delphij |
Fix multiple vulnerabilities in OpenSSL. [SA-15:01]
Approved by: so
|
#
276159 |
|
23-Dec-2014 |
des |
[SA-14:31] Fix multiple vulnerabilities in NTP suite. [EN-14:13] Fix directory deletion issue in freebsd-update.
Approved by: so
|
#
275854 |
|
17-Dec-2014 |
delphij |
Fix unbound remote denial of service vulnerability.
Security: FreeBSD-SA-14:30.unbound Security: CVE-2014-8602 Approved by: so
|
#
275670 |
|
10-Dec-2014 |
delphij |
Fix buffer overflow in stdio.
Security: FreeBSD-SA-14:27.stdio Security: CVE-2014-8611
Fix multiple vulnerabilities in file(1) and libmagic(3).
Security: FreeBSD-SA-14:28.file Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
Approved by: so
|