#
310419 |
|
22-Dec-2016 |
delphij |
Fix multiple vulnerabilities of ntp.
Approved by: so
|
#
309697 |
|
07-Dec-2016 |
glebius |
Merge r309688: address regressions in SA-16:37.libc.
PR: 215105 Submitted by: <jtd2004a sbcglobal.net> Approved by: so
|
#
309637 |
|
06-Dec-2016 |
glebius |
Fix possible login(1) argument injection in telnetd(8). [SA-16:36]
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]
Security: FreeBSD-SA-16:36.telnetd Security: FreeBSD-SA-16:37.libc Errata Notice: FreeBSD-EN-16:19.tzcode Errata Notice: FreeBSD-EN-16:20.tzdata Approved by: so
|
#
308205 |
|
02-Nov-2016 |
delphij |
Fix BIND remote Denial of Service vulnerability. [SA-16:34]
Fix OpenSSL remote DoS vulnerability. [SA-16:35]
Security: FreeBSD-SA-16:34.bind Security: FreeBSD-SA-16:35.openssl Approved by: so
|
#
307931 |
|
25-Oct-2016 |
glebius |
Revised SA-16:15. The initial patch didn't cover all possible overflows based on passing incorrect parameters to sysarch(2).
Security: SA-16:15 Approved by: so
|
#
306942 |
|
10-Oct-2016 |
delphij |
Fix BIND remote Denial of Service vulnerability. [SA-16:28]
Fix bspatch heap overflow vulnerability. [SA-16:29]
Fix multiple portsnap vulnerabilities. [SA-16:30]
Approved by: so
|
#
306336 |
|
26-Sep-2016 |
delphij |
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim PR: 212921 Approved by: so
|
#
306230 |
|
23-Sep-2016 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Approved by: so Security: FreeBSD-SA-16:26.openssl
|
#
303304 |
|
25-Jul-2016 |
delphij |
Fix bspatch heap overflow vulnerability. [SA-16:25]
Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09]
Approved by: so
|
#
301301 |
|
04-Jun-2016 |
delphij |
Fix multiple ntp vulnerabilities.
Security: FreeBSD-SA-16:24.ntp Approved by: so
|
#
301049 |
|
31-May-2016 |
glebius |
Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20]
Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]
Security: SA-16:20 Security: SA-16:21 Approved by: so
|
#
300088 |
|
17-May-2016 |
glebius |
- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
- Validate that user supplied control message length in sendmsg(2) is not negative.
Security: SA-16:18 Security: CVE-2016-1886 Security: SA-16:19 Security: CVE-2016-1887 Submitted by: C Turt <cturt hardenedbsd.org> Approved by: so
|
#
299068 |
|
04-May-2016 |
delphij |
Fix multiple OpenSSL vulnerabilities. [SA-16:17]
Fix memory leak in ZFS. [EN-16:08]
Approved by: so
|
#
298770 |
|
29-Apr-2016 |
delphij |
Fix ntp multiple vulnerabilities.
Approved by: so
|
#
296953 |
|
16-Mar-2016 |
glebius |
o Fix OpenSSH xauth(1) command injection. [SA-16:14]
o Fix incorrect argument validation in sysarch(2). [SA-16:15]
Security: FreeBSD-SA-16:14.openssh-xauth, CVE-2016-3115 Security: FreeBSD-SA-16:15.sysarch, CVE-2016-1885 Approved by: so
|
#
296611 |
|
10-Mar-2016 |
delphij |
Fix multiple vulnerabilities of BIND. [SA-16:13]
Fix a regression with OpenSSL patch. [SA-16:12]
Approved by: so
|
#
296465 |
|
07-Mar-2016 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-16:12.openssl Approved by: so
|
#
295061 |
|
30-Jan-2016 |
delphij |
Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability.
Security: CVE-2015-3197 Security: FreeBSD-SA-16:11.openssl Approved by: so
|
#
294905 |
|
27-Jan-2016 |
delphij |
Fix BIND remote denial of service vulnerability. [SA-16:08]
Fix multiple vulnerabilities of ntp. [SA-16:09]
Fix Linux compatibility layer issetugid(2) system call vulnerability. [SA-16:10]
Security: FreeBSD-SA-16:08.bind Security: FreeBSD-SA-16:09.ntp Security: FreeBSD-SA-16:10.linux Approved by: so
|
#
294054 |
|
14-Jan-2016 |
glebius |
Fix OpenSSH client information leak.
Security: SA-16:07.openssh Security: CVE-2016-0777 Approved by: so
|
#
293896 |
|
14-Jan-2016 |
glebius |
o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
o Fix YP/NIS client library critical bug. [EN-16:03.yplib]
o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp]
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]
Errata: FreeBSD-EN-16:02.pf Errata: FreeBSD-EN-16:03.yplib Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879 Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300 Security: FreeBSD-SA-16:03.linux, CVE-2016-1880 Security: FreeBSD-SA-16:04.linux, CVE-2016-1881 Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882 Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677 Approved by: so
|
#
292321 |
|
16-Dec-2015 |
delphij |
Fix BIND remote denial of service vulnerability. [SA-15:27]
Security: FreeBSD-SA-15:27.bind Security: CVE-2015-8000 Approved by: so
|
#
291854 |
|
05-Dec-2015 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:26.openssl Approved by: so
|
#
290363 |
|
04-Nov-2015 |
glebius |
o Fix regressions related to SA-15:25 upgrade of NTP. [1]
o Fix kqueue write events never fired for files greater than 2GB. [2]
o Fix applications exiting due to segmentation violation on a correct memory address. [3]
PR: 204046 [1] PR: 204203 [1] Errata Notice: FreeBSD-EN-15:19.kqueue [2] Errata Notice: FreeBSD-EN-15:20.vm [3] Approved by: so
|
#
290001 |
|
26-Oct-2015 |
glebius |
Upgrade NTP to 4.2.8p4.
Security: FreeBSD-SA-15:25.ntp Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Approved by: so
|
#
288512 |
|
02-Oct-2015 |
delphij |
Fix a regression with SA-15:24 patch that prevented NIS from working.
Approved by: so
|
#
288385 |
|
29-Sep-2015 |
delphij |
The Sun RPC framework uses a netbuf structure to represent the transport specific form of a universal transport address. The structure is expected to be opaque to consumers. In the current implementation, the structure contains a pointer to a buffer that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind Security: CVE-2015-7236 Approved by: so
|
#
287873 |
|
16-Sep-2015 |
delphij |
Implement pubkey support for pkg(7) bootstrap. [EN-15:18]
Approved by: so
|
#
287410 |
|
02-Sep-2015 |
delphij |
Fix remote denial of service vulnerability when parsing malformed key.
Security: CVE-2015-5722 Security: FreeBSD-SA-15:23.bind Approved by: so
|
#
287147 |
|
25-Aug-2015 |
delphij |
Fix local privilege escalation in IRET handler. [SA-15:21]
Fix OpenSSH multiple vulnerabilities. [SA-15:22]
Fix insufficient check of unsupported pkg(7) signature methods. [EN-15:15]
Approved by: so
|
#
286902 |
|
18-Aug-2015 |
delphij |
Fix multiple integer overflows in expat.
Security: CVE-2015-1283 Security: FreeBSD-SA-15:20.expat Approved by: so
|
#
286352 |
|
05-Aug-2015 |
delphij |
Fix routed remote denial of service vulnerability. [SA-15:19]
Approved by: so
|
#
285980 |
|
28-Jul-2015 |
delphij |
Fix resource exhaustion in TCP reassembly. [SA-15:15]
Fix OpenSSH multiple vulnerabilities. [SA-15:16]
Fix BIND remote denial of service vulnerability. [SA-15:17]
Approved by: so
|
#
285780 |
|
21-Jul-2015 |
delphij |
Fix resource exhaustion due to sessions stuck in LAST_ACK state.
Security: CVE-2015-5358 Security: SA-15:13.tcp Submitted by: Jonathan Looney (Juniper SIRT) Approved by: so
|
#
285258 |
|
07-Jul-2015 |
delphij |
Fix BIND resolver remote denial of service when validating.
Security: CVE-2015-4620 Security: FreeBSD-SA-15:11.bind Approved by: so
|
#
284986 |
|
30-Jun-2015 |
delphij |
[EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.
[EN-15:09] Fix inconsistency between locale and rune locale states.
Approved by: so
|
#
284536 |
|
18-Jun-2015 |
delphij |
Raise the default for sendmail client connections to 1024-bit DH parameters to improve TLS/DH interoperability with newer SSL/TLS suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD-SA-15:10.openssl).
This is MFC of r284436 (gshapiro), the original commit message was:
===
The import of openssl to address the FreeBSD-SA-15:10.openssl security advisory includes a change which rejects handshakes with DH parameters below 768 bits. sendmail releases prior to 8.15.2 (not yet released), defaulted to a 512 bit DH parameter setting for client connections. This commit changes that default to 1024 bits. sendmail 8.15.2, when released will use a default of 2048 bits.
===
Reported by: Frank Seltzer Errata Notice: FreeBSD-EN-15:08.sendmail Approved by: so
|
#
284295 |
|
12-Jun-2015 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:10.openssl Approved by: so
|
#
284194 |
|
09-Jun-2015 |
delphij |
Update base system file(1) to 5.22 to address multiple denial of service issues. [EN-15:06]
Approved by: so
|
#
282874 |
|
13-May-2015 |
delphij |
Fix bug with freebsd-update(8) that does not ensure the previous upgrade was completed. [EN-15:04]
Approved by: so
|
#
281233 |
|
07-Apr-2015 |
delphij |
Improve patch for SA-15:04.igmp to solve a potential buffer overflow.
Fix multiple vulnerabilities of ntp. [SA-15:07]
Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]
Approved by: so
|
#
280275 |
|
20-Mar-2015 |
delphij |
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change per suggested by OpenBSD and OpenSSL developers. The change was removed from the formal OpenSSL release and does not solve security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.
Approved by: so
|
#
280267 |
|
19-Mar-2015 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-15:06.openssl Security: CVE-2015-0209 Security: CVE-2015-0286 Security: CVE-2015-0287 Security: CVE-2015-0288 Security: CVE-2015-0289 Security: CVE-2015-0293 Approved by: so
|
#
279265 |
|
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix BIND remote denial of service vulnerability. [SA-15:05]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 0.9.8zd. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so
|
#
277808 |
|
27-Jan-2015 |
delphij |
Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability and SCTP stream reset vulnerability.
Security: FreeBSD-SA-15:02.kmem Security: CVE-2014-8612 Security: FreeBSD-SA-15:03.sctp Security: CVE-2014-8613 Approved by: so
|
#
277195 |
|
14-Jan-2015 |
delphij |
Fix multiple vulnerabilities in OpenSSL. [SA-15:01]
Approved by: so
|
#
276157 |
|
23-Dec-2014 |
des |
[SA-14:31] Fix multiple vulnerabilities in NTP suite.
[EN-14:13] Fix directory deletion issue in freebsd-update.
Approved by: so
|
#
275672 |
|
10-Dec-2014 |
delphij |
Fix multiple vulnerabilities in file(1) and libmagic(3).
Security: FreeBSD-SA-14:28.file Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
Fix BIND remote denial of service vulnerability.
Security: FreeBSD-SA-14:29.bind Security: CVE-2014-8500
Approved by: so
|
#
274114 |
|
04-Nov-2014 |
des |
[SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2).
[SA-14:26] Fix remote command execution in ftp(1).
[EN-14:12] Fix NFSv4 and ZFS cache consistency issue.
Approved by: so (des)
|
#
273438 |
|
21-Oct-2014 |
delphij |
Time zone data file update. [EN-14:10]
Change crypt(3) default hashing algorithm back to DES. [EN-14:11]
Approved by: so
|
#
273415 |
|
21-Oct-2014 |
delphij |
Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]
Fix routed(8) remote denial of service vulnerability. [SA-14:21]
Fix memory leak in sandboxed namei lookup. [SA-14:22]
Fix OpenSSL multiple vulnerabilities. [SA-14:23]
Approved by: so
|
#
271669 |
|
16-Sep-2014 |
delphij |
Fix Denial of Service in TCP packet processing.
Security: FreeBSD-SA-14:19.tcp Approved by: so
|
#
271305 |
|
09-Sep-2014 |
delphij |
Fix multiple OpenSSL vulnerabilities:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. [CVE-2014-3510]
Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510 Security: FreeBSD-SA-14:18.openssl Approved by: so
|
#
268510 |
|
10-Jul-2014 |
gjb |
Anticipate when we will announce 9.3-RELEASE.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
267655 |
|
19-Jun-2014 |
gjb |
Remove svn:mergeinfo carried over from stable/9.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|