MidnightBSD is a new BSD-derived operating system developed with desktop users in mind. It includes all the software you'd expect for your daily tasks — email, web browsing, word processing, gaming, and much more.
With a small community of dedicated developers, MidnightBSD strives to create an easy-to-use operating system everyone can use, freely. Available for x86, AMD64 and as Virtual Machines.
March 19, 2015
OpenSSL Security update
A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. [CVE-2015-0209]
An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. [CVE-2015-0286]
Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. [CVE-2015-0287]
The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. [CVE-2015-0288]
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. [CVE-2015-0289]
A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293]
February 25, 2015
Fix two security vulnerabilities.
1. BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable.
2. An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation.
This can result in a DOS attack.
View available mports