History log of /freebsd-10.1-release/UPDATING
Revision Date Author Comments
# 310419 22-Dec-2016 delphij

Fix multiple vulnerabilities of ntp.

Approved by: so


# 309696 07-Dec-2016 glebius

Merge r309688: address regressions in SA-16:37.libc.

PR: 215105
Submitted by: <jtd2004a sbcglobal.net>
Approved by: so


# 309636 06-Dec-2016 glebius

Fix possible login(1) argument injection in telnetd(8). [SA-16:36]
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]

Security: FreeBSD-SA-16:36.telnetd
Security: FreeBSD-SA-16:37.libc
Security: FreeBSD-SA-16:38.bhyve
Errata Notice: FreeBSD-EN-16:19.tzcode
Errata Notice: FreeBSD-EN-16:20.tzdata
Approved by: so


# 308204 02-Nov-2016 delphij

Fix OpenSSL remote DoS vulnerability. [SA-16:35]

Security: FreeBSD-SA-16:35.openssl
Approved by: so


# 307932 25-Oct-2016 glebius

Revised SA-16:15. The initial patch didn't cover all possible overflows
based on passing incorrect parameters to sysarch(2).

Security: SA-16:15
Approved by: so


# 306941 10-Oct-2016 delphij

Fix bspatch heap overflow vulnerability. [SA-16:29]

Fix multiple portsnap vulnerabilities. [SA-16:30]

Fix multiple libarchive vulnerabilities. [SA-16:31]

Approved by: so


# 306336 26-Sep-2016 delphij

Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:

Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").

This fixes a regression introduced in SA-16:26.openssl.

Submitted by: jkim
PR: 212921
Approved by: so


# 306230 23-Sep-2016 delphij

Fix multiple OpenSSL vulnerabilities.

Approved by: so
Security: FreeBSD-SA-16:26.openssl


# 303304 25-Jul-2016 delphij

Fix bspatch heap overflow vulnerability. [SA-16:25]

Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]

Approved by: so


# 301301 04-Jun-2016 delphij

Fix multiple ntp vulnerabilities.

Security: FreeBSD-SA-16:24.ntp
Approved by: so


# 301050 31-May-2016 glebius

Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20]
Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]

Security: SA-16:20
Security: SA-16:21
Approved by: so


# 300085 17-May-2016 glebius

- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
- Validate that user supplied control message length in sendmsg(2)
is not negative.

Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so


# 299068 04-May-2016 delphij

Fix multiple OpenSSL vulnerabilities. [SA-16:17]

Fix memory leak in ZFS. [EN-16:08]

Approved by: so


# 298770 29-Apr-2016 delphij

Fix ntp multiple vulnerabilities.

Approved by: so


# 296954 16-Mar-2016 glebius

o Fix OpenSSH xauth(1) command injection. [SA-16:14]
o Fix incorrect argument validation in sysarch(2). [SA-16:15]
o Fix Hyper-V KVP (Key-Value Pair) daemon indefinite sleep. [EN-16:04]

Errata: FreeBSD-EN-16:04.hyperv
Security: FreeBSD-SA-16:14.openssh-xauth, CVE-2016-3115
Security: FreeBSD-SA-16:15.sysarch, CVE-2016-1885
Approved by: so


# 296341 03-Mar-2016 delphij

Fix multiple OpenSSL vulnerabilities.

Security: FreeBSD-SA-16:12.openssl
Approved by: so


# 295061 30-Jan-2016 delphij

Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability.

Security: CVE-2015-3197
Security: FreeBSD-SA-16:11.openssl
Approved by: so


# 294904 27-Jan-2016 delphij

Fix multiple vulnerabilities of ntp. [SA-16:09]

Fix Linux compatibility layer issetugid(2) system call
vulnerability. [SA-16:10]

Security: FreeBSD-SA-16:09.ntp
Security: FreeBSD-SA-16:10.linux
Approved by: so


# 294051 14-Jan-2016 glebius

Fix OpenSSH client information leak.

Security: SA-16:07.openssh
Security: CVE-2016-0777
Approved by: so


# 293894 14-Jan-2016 glebius

o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
o Fix YP/NIS client library critical bug. [EN-16:03.yplib]
o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp]
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]

Errata: FreeBSD-EN-16:02.pf
Errata: FreeBSD-EN-16:03.yplib
Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879
Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300
Security: FreeBSD-SA-16:03.linux, CVE-2016-1880
Security: FreeBSD-SA-16:04.linux, CVE-2016-1881
Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882
Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677
Approved by: so


# 291854 05-Dec-2015 delphij

Fix OpenSSL multiple vulnerabilities.

Security: FreeBSD-SA-15:26.openssl
Approved by: so


# 290362 04-Nov-2015 glebius

o Fix regressions related to SA-15:25 upgrade of NTP. [1]
o Fix kqueue write events never fired for files greater than 2GB. [2]
o Fix applications exiting due to segmentation violation on a correct
memory address. [3]

PR: 204046 [1]
PR: 204203 [1]
Errata Notice: FreeBSD-EN-15:19.kqueue [2]
Errata Notice: FreeBSD-EN-15:20.vm [3]
Approved by: so


# 290000 26-Oct-2015 glebius

Upgrade NTP to 4.2.8p4.

Security: FreeBSD-SA-15:25.ntp
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Approved by: so


# 288512 02-Oct-2015 delphij

Fix a regression with SA-15:24 patch that prevented NIS from
working.

Approved by: so


# 288385 29-Sep-2015 delphij

The Sun RPC framework uses a netbuf structure to represent the
transport specific form of a universal transport address. The
structure is expected to be opaque to consumers. In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.

In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer. When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.

Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.

Security: FreeBSD-SA-15:24.rpcbind
Security: CVE-2015-7236
Approved by: so


# 287873 16-Sep-2015 delphij

Implement pubkey support for pkg(7) bootstrap. [EN-15:18]

Approved by: so


# 287146 25-Aug-2015 delphij

Fix local privilege escalation in IRET handler. [SA-15:21]

Fix OpenSSH multiple vulnerabilities. [SA-15:22]

Disabled ixgbe(4) flow-director support. [EN-15:14]

Fix insufficient check of unsupported pkg(7) signature methods.
[EN-15:15]

Approved by: so


# 286905 18-Aug-2015 delphij

Fix patchlevel in UPDATING.

Spotted by: pluknet
Approved by: so


# 286902 18-Aug-2015 delphij

Fix multiple integer overflows in expat.

Security: CVE-2015-1283
Security: FreeBSD-SA-15:20.expat
Approved by: so


# 286351 05-Aug-2015 delphij

Fix patch(1) shell injection vulnerability via ed(1). [SA-15:18]

Fix routed remote denial of service vulnerability. [SA-15:19]

Approved by: so


# 285979 28-Jul-2015 delphij

Fix patch(1) shell injection vulnerability. [SA-15:14]

Fix resource exhaustion in TCP reassembly. [SA-15:15]

Fix OpenSSH multiple vulnerabilities. [SA-15:16]

Approved by: so


# 285780 21-Jul-2015 delphij

Fix resource exhaustion due to sessions stuck in LAST_ACK state.

Security: CVE-2015-5358
Security: SA-15:13.tcp
Submitted by: Jonathan Looney (Juniper SIRT)
Approved by: so


# 284985 30-Jun-2015 delphij

[EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.

[EN-15:09] Fix inconsistency between locale and rune locale states.

[EN-15:10] Improved iconv(3) UTF-7 support.

Approved by: so


# 284536 18-Jun-2015 delphij

Raise the default for sendmail client connections to 1024-bit DH
parameters to improve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD-
SA-15:10.openssl).

This is MFC of r284436 (gshapiro), the original commit message
was:

===
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit changes that default to 1024 bits. sendmail 8.15.2, when
released, will use a default of 2048 bits.
===

Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so


# 284295 12-Jun-2015 delphij

Fix OpenSSL multiple vulnerabilities.

Security: FreeBSD-SA-15:10.openssl
Approved by: so


# 284230 10-Jun-2015 delphij

src/UPDATING in releng/10.1 should reflect the right patchlevel.

Reported by: madpilot
Pointy hat to: delphij
Approved by: so


# 284193 09-Jun-2015 delphij

Update base system file(1) to 5.22 to address multiple denial of
service issues. [EN-15:06]

Improve reliability of ZFS when TRIM/UNMAP and/or L2ARC is used.
[EN-15:07]

Approved by: so


# 282873 13-May-2015 delphij

Fix bug with freebsd-update(8) that does not ensure the previous
upgrade was completed. [EN-15:04]

Fix deadlock on reboot with UFS tuned with SU+J. [EN-15:05]

Approved by: so


# 281232 07-Apr-2015 delphij

Improve patch for SA-15:04.igmp to solve a potential buffer overflow.

Fix multiple vulnerabilities of ntp. [SA-15:07]

Fix bsdinstall(8) insecure default GELI keyfile permissions. [SA-15:08]

Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]

Approved by: so


# 280275 20-Mar-2015 delphij

Fix issues with original SA-15:06.openssl commit:

- Revert a portion of ASN1 change per suggested by OpenBSD
and OpenSSL developers. The change was removed from the
formal OpenSSL release and does not solve security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.

Approved by: so


# 280267 19-Mar-2015 delphij

Fix multiple OpenSSL vulnerabilities.

Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
Approved by: so


# 279264 25-Feb-2015 delphij

Fix integer overflow in IGMP protocol. [SA-15:04]

Fix vt(4) crash with improper ioctl parameters. [EN-15:01]

Updated base system OpenSSL to 1.0.1l. [EN-15:02]

Fix freebsd-update libraries update ordering issue. [EN-15:03]

Approved by: so


# 277808 27-Jan-2015 delphij

Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability
and SCTP stream reset vulnerability.

Security: FreeBSD-SA-15:02.kmem
Security: CVE-2014-8612
Security: FreeBSD-SA-15:03.sctp
Security: CVE-2014-8613
Approved by: so


# 277195 14-Jan-2015 delphij

Fix multiple vulnerabilities in OpenSSL. [SA-15:01]

Approved by: so


# 276159 23-Dec-2014 des

[SA-14:31] Fix multiple vulnerabilities in NTP suite.
[EN-14:13] Fix directory deletion issue in freebsd-update.

Approved by: so


# 275854 17-Dec-2014 delphij

Fix unbound remote denial of service vulnerability.

Security: FreeBSD-SA-14:30.unbound
Security: CVE-2014-8602
Approved by: so


# 275670 10-Dec-2014 delphij

Fix buffer overflow in stdio.

Security: FreeBSD-SA-14:27.stdio
Security: CVE-2014-8611

Fix multiple vulnerabilities in file(1) and libmagic(3).

Security: FreeBSD-SA-14:28.file
Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117

Approved by: so

