Mises à jour de Sécurité

Paquets Logiciels de mport

Pour les avis de sécurité liés aux paquets, essayez le nouveau site web Conseil de Sécurité. Pour détecter des paquets vulnérables intallés sur le système, installer le client de conseil de sécurité avec mport install security-advisory-client. Puis exécuter simplement advisory.pl pour vérifier votre système.

Conseil de sécurité sur MidnightBSD

8 Août 2017

MidnightBSD 0.8.6 RELEASE

Update em(4) ajout du support des era Intel NICs skylake et kabylake.

Update usb(4) ajout du support des nouveaux contrôleurs Intel et Asmedia et de plusieurs nouveaux matériels.

Vulnérabilité du service de nom Heimdal KDC-REP patchée.

serf 1.3.9

subversion 1.8.10

13 Décembre 2016

MidnightBSD 0.8.5 RELEASE

Résolution de deux problèmes de sécurité, telnetd et link_ntoa(3) dans libc.

5 Novembre 2016

MidnightBSD 0.8.4 RELEASE

BIND 9.9.9-p4
OpenSSH 7.3p1

Patch de sécurité OpenSSL
Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages.

25 Octobre 2016

MidnightBSD 0.8.3 RELEASE

Revised patch to address a problem pointed out by ahaha from Chaitin Tech.

1 Octobre 2016

MidnightBSD 0.8.2 RELEASE

Fix a regression with OpenSSL security.

Sendmail 8.15.2

23 Spetembre 2016

MidnightBSD 0.8.1 RELEASE

Security Updates for OpenSSL

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. [CVE-2016-6304]

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. [CVE-2016-6303]

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash. [CVE-2016-6302]

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed. [CVE-2016-2182]

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented. [CVE-2016-2180]

Some calculations of limits in OpenSSL have used undefined pointer arithmetic. This could cause problems with some malloc implementations. [CVE-2016-2177]

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. [CVE-2016-2178]

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. [CVE-2016-2179]

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection. [CVE-2016-2181]

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms. [CVE-2016-6306]

31 Mai 2016

MidnightBSD 0.7.9 RELEASE

Fix four security issues with MidnightBSD.

The implementation of TIOCGSERIAL ioctl(2) does not clear the output struct before sending to userland in the linux emulation layer.

The compat 43 stat(2) system call exposes kernel stack to userland.

libarchive - CVE-2015-2304 and CVE-2013-0211 fix issues with cpio directory traversal and an integer signedness error in the archive write zip data routine.

19 Mai 2016

MidnightBSD 0.7.8 RELEASE

Kernel Security updates

atkbd(4) - Incorrect signedness comparison in the ioctl(2) handler allows a malicious local user to overwrite a portion of the kernel memory.

Incorrect argument handling in sendmsg(2)

Incorrect argument handling in the socket code allows malicious local user to overwrite large portion of the kernel memory.

5 Mai 2016

MidnightBSD 0.7.7 RELEASE

OpenSSL security patch

The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107]

An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105]

An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2106]

When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can cause allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. [CVE-2016-2109]

17 Mars 2016

MidnightBSD 0.7.6 RELEASE

OpenSSH doesn't have the luck of the Irish.

Fix a security issue with OpenSSH X11 forwarding that can allow an attacker run shell commands on the call to xauth.

Incorrect argument validation in sysarch(2)

A special combination of sysarch(2) arguments, specify a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors are provided. Due to invalid use of a signed intermediate value in the bounds checking during argument validity verification, unbound zero'ing of the process LDT and adjacent memory can be initiated from usermode.
Patch obtained from FreeBSD.

10 Mars 2016

MidnightBSD 0.7.5 RELEASE

Security patch for OpenSSL to stop DROWN [CVE-2016-0800] [CVE-2016-0705] [CVE-2016-0798] [CVE-2016-0797] [CVE-2016-0799] [CVE-2016-0702] [CVE-2016-0704]

A programming error in the Linux compatibility layer could cause the issetugid(2) system call to return incorrect information.

30 Janvier 2016

MidnightBSD 0.7.4 RELEASE

OpenSSL CVE-2015-3197

A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2.

14 Janvier 2016

OpenSSH

Disable roaming to mitigate a security issue with OpenSSH.

0.7.3 RELEASE

OpenSSL

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. [CVE-2015-3194]

When presented with a malformed X509_ATTRIBUTE structure, OpenSSL will leak memory. [CVE-2015-3195]

If PSK identity hints are received by a multi-threaded client then the values are incorrectly updated in the parent SSL_CTX structure. [CVE-2015-3196]

linuxolator

A programming error in the Linux compatibility layer setgroups(2) system call can lead to an unexpected results, such as overwriting random kernel memory contents.

A programming error in the handling of Linux futex robust lists may result in incorrect memory locations being accessed.

0.7.2 RELEASE

Fix a security issue with bsnmpd configuration file installation.

TCP MD5 signature denial of service

A programming error in processing a TCP connection with both TCP_MD5SIG and TCP_NOOPT socket options may lead to kernel crash.

SCTP

A lack of proper input checks in the ICMPv6 processing in the SCTP stack can lead to either a failed kernel assertion or to a NULL pointer dereference. In either case, a kernel panic will follow.

Spetembre 30, 2015

0.7.1 RELEASE

rpcbind(8) remote denial of service

In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon.

10/2: Revised rpcbind(8) patch to fix issues with NIS

Août 25, 2015

0.6.7 RELEASE

Kernel: Fix a security issue on amd64 where the GS segment CPU register can be changed via userland value in kernel mode by using an IRET with #SS or #NP exceptions.

OpenSSH: A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process.

A use-after-free error in the privileged monitor process of he sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process.

A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection.

Août 18, 2015

0.6.6 RELEASE

Fix a security vulnerabiity in the expat XML parser.

Août 8, 2015

0.6.5 RELEASE

Routed - fix a potential security issue where traffic from outside the network can disrupt routing.

Juillet 28, 2015

0.6.4 RELEASE

TCP Resassembly resource exhaustion bug: There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs attached to reassembly queues can grow to the total number of mbufs in the system, at which point all network traffic would cease.
Obtained from: FreeBSD 8

OpenSSH

Fix two security vulnerabilities: OpenSSH clients does not correctly verify DNS SSHFP records when a server offers a certificate. [CVE-2014-2653]

OpenSSH servers which are configured to allow password authentication using PAM (default) would allow many password attempts. A bug allows MaxAuthTries to be bypassed. [CVE-2015-5600]

Juillet 22, 2015

0.6.3 RELEASE

Fix a bug where TCP connections transitioning to LAST_ACK state can get stuck. This can result in a denial of service.

Juin 12, 2015

0.6.1 RELEASE

OpenSSL Security update - new version is OpenSSL 0.9.8zg

Mars 19, 2015

0.5.10 RELEASE

OpenSSL Security update

A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. [CVE-2015-0209]

An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. [CVE-2015-0286]

Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. [CVE-2015-0287]

The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. [CVE-2015-0288]

The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. [CVE-2015-0289]

A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293]

Février 25, 2015

0.5.9 RELEASE

Fix two security vulnerabilities.

1. BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable.

CVE-2015-1349

2. An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation.

This can result in a DOS attack.

Janvier 14, 2015

0.5.8 RELEASE

Fix several security issues with OpenSSL.

A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. [CVE-2014-3571]

A memory leak can occur in the dtls1_buffer_record function under certain conditions. [CVE-2015-0206]

When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. [CVE-2014-3569]

An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. [CVE-2014-3572]

An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. [CVE-2015-0204]

An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. [CVE-2015-0205]

OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-8275]

Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. [CVE-2014-3570]

Décembre 11, 2014

0.5.7 RELEASE

Fix a security issue with file and libmagic that can allow an attacker to create a denial of service attack on any program that uses libmagic.

20141109:

Fix perl build during buildworld when the GDBM port is installed.

Novembre 6, 2014

0.5.6 RELEASE

Update timezone data tzdata 2014i

(plus previous security fixes)

Fix two security issues:

1. sshd may link libpthread in the wrong order, shadowing libc functions and causing a possible DOS attack for connecting clients.

2. getlogin may leak kernel memory via a buffer that is copied without clearing.

Octobre 31, 2014

0.5.5 RELEASE

tnftp 20141031 fixes a security vulnerability with tnftp, CVE-2014-8517.

Octobre 27, 2014

0.5.4 RELEASE

libmport fix for packages

Octobre 21, 2014

0.5.3-RELEASE

MidnightBSD 0.5.3-RELEASE is now available via subversion.

Fix several security vulnerabilities in OpenSSL, routed, rtsold, and namei with respect to Capsicum sandboxes looking up nonexistent path names and leaking memory.

OpenSSL update adds some workarounds for the recent poodle vulnerability reported by Google.

The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network.

Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold(8).

In addition, we've released 0.5.2-RELEASE ISOs on the FTP server for both amd64 and i386. We plan to do rollup security releases periodically.

Octobre 11, 2014

0.5.2-RELEASE

Fixed a regression with mksh R50c.

Octobre 4, 2014

0.5.1-RELEASE

Fixed a security issue with mksh. For more details, view the mksh notification .

Spetembre 16, 2014

0.4-RELEASE-p15

Fix a security issue with TCP SYN.

When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window.

Spetembre 9, 2014

0.4-RELEASE-p14

OpenSSL security patch:

The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. [CVE-2014-3506]

The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. [CVE-2014-3507]

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. [CVE-2014-3510]

Juillet 10, 2014

0.4-RELEASE-p13

Fix a vulnerability in the control message API. A buffer is not properly cleared before sharing with userland.

Juin 5, 2014

0.4-RELEASE-p12

OpenSSL vulnerabilities Receipt of an invalid DTLS fragment on an OpenSSL DTLS client or server can lead to a buffer overrun. [CVE-2014-0195] Receipt of an invalid DTLS handshake on an OpenSSL DTLS client can lead the code to unnecessary recurse. [CVE-2014-0221] Carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. [CVE-2014-0224] Carefully crafted packets can lead to a NULL pointer deference in OpenSSL TLS client code if anonymous ECDH ciphersuites are enabled. [CVE-2014-3470]

Juin 4, 2014

0.4-RELEASE-p11

Sendmail failed to properly set close-on-exec for open file descriptors.

Ktrace page fault kernel trace entries were set to an incorrect size which resulted in a leak of information.

Avril 30, 2014

0.4-RELEASE-p10

Fix a TCP reassembly bug that could result in a DOS attack of the system. It may be possible to obtain portions of kernel memory as well.

Avril 9, 2014

0.4-RELEASE-p9

Fix an issue allowing an attacker to deadlock the NFS Server from a trusted client.

0.4-RELEASE-p8

Fix a security issue in OpenSSL [CVE-2014-0076]

Février 1, 2014

0.4-RELEASE-p7

Fix a minor annoyance with the default dot.profile and ssh-agent

Janvier 14, 2014

0.4-RELEASE-p6

Fix two security vulnerabilities. bsnmpd contains a stack overflow when sent certain queries. bind 9.8 when using NSEC3-signed zones zones, will crash with special crafted packets.

Novembre 29, 2013

MidnightBSD 0.4-RELEASE-p5

libc's iconv support includes an optimization that is imcompatible with gettext's msgfmt command. By turning off this optimization, we gain compatiblity with several GNU packages.

Spetembre 10, 2013

MidnightBSD 0.4-RELEASE-p4

nullfs(5)

The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not check whether the source and target of the link are both in the same nullfs instance. It is therefore possible to create a hardlink from a location in one nullfs instance to a file in another, as long as the underlying (source) filesystem is the same.

Ifioctl

As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code.

Network interface drivers, however, assume that the SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been handled at the network layer, and therefore do not perform input validation or verify the caller's credentials. Typical link-layer actions for these requests may include marking the interface as "up" and resetting the underlying hardware.

Patches obtained from FreeBSD

Août 22, 2013

MidnightBSD 0.4-RELEASE-p2

Fix an integer overflow in IP_MSFILTER (IP MULTICAST). This could be exploited to read memory by a user process.

When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized.

Patches obtained from FreeBSD

Juillet 28, 2013

MidnightBSD 0.4-RELEASE-p1

Vulnerabilities were reported in BIND and NFS Server. BIND has a defect resulting in a possible denial of service attack with malformed rdata in a query. This affects only systems running named and not DNS clients.

For NFS, the kernel incorrectly uses client supplied credentials instead of the one configured in exports(5) when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. This patch was obtained from FreeBSD.

Juin 6, 2012

MidnightBSD 0.3-RELEASE-p9

A vulnerability exists in bind related to resource records. A zero length request can cause bind to crash resulting in a denial of service or disclosure of information.

CVE-2012-1667

Mai 30, 2012

MidnightBSD 0.3-RELEASE-p8

Fix a problem with cyrpt's DES implementation when used with non 7-bit ascii passwords.

Mai 30, 2012

MidnightBSD 0.3-RELEASE-p7

An additional problem in OpenSSL was identified related to the previous (p6) patch.

Add SGC and BUF_MEM_grow_clean(3) bug fixes.

Mai 3, 2012

MidnightBSD 0.3-RELEASE-p6

OpenSSL failes to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. [CVE-2011-4576]

OpenSSL support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack. [CVE-2011-4619]

If an application uses OpenSSL's certificate policy checking when verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK flag, a policy check failure can lead to a double-free. [CVE-2011-4109]

A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884]

The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]

Décembre 23, 2011

Multiple security vulnerabilities impacting 0.3-RELEASE and 0.4-CURRENT have been patched in MidnightBSD.

  • Telnetd: Fix a root exploit from a fixed buffer that was not checked.
  • PAM: Don't allow escape from policy path. Exploitable in KDE, etc.
  • Fix pam_ssh module: If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys.
  • Fix security issue with chroot and ftpd.
  • Nsdispatch(3) doesn't know it's working in a chroot and some operations can cause files to get reloaded causing a security hole in things like ftpd.

Users should update via CVS and buildworld / installworld. This corresponds to 0.3-RELEASE-p5.

Novembre 4, 2011

MidnightBSD 0.3-RELEASE-p4

Fix a problem with unix socket handling caused by the recent patch to unix socket path handling. This allows network apps to work under the linuxolator again.

Spetembre 28, 2011

MidnightBSD 0.3-RELEASE-p3

Security hole in compress and gzip with malformed .Z files can cause an infinite loop in these utilities.

Validate paths for unix domain sockets.

Mai 30, 2011

0.3-RELEASE and 0.4-CURRENT contain a vulnerable version of BIND 9.6.x. Users who use BIND and a recursive DNS server should update to 0.3-RELEASE-p2. More information can be found at US-CERT

Octobre 12, 2010

0.3-PRERELEASE and 0.4-CURRENT have an issue in all pseudofs based file systems including procfs and linprocfs that either can be used to run code as the kernel or at best crash the system. It's important to update the kernel on systems affected. If you can't do that, disable proc and linproc on your systems until a new kernel can be built. 0.2.1 is not believed to be affected as the code is significantly different and the locking issue is not present.

Spetembre 2, 2010

A minor vulnerability in libutil was reported. It can cause uses of some services such as OpenSSH to bypass cpu resource restrictions in 0.3 by use of a custom login.conf. This issue has been fixed today in kern.osreldate 3015 or better.

Juin 10, 2009

This should be applied to all systems running 0.2.1. Users on p9 simply should update their kernels. No world update is required.

IPV6:
The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check. Don't let everyone on the planet (with local access) change the properties on the IPV6 interfaces.

Anonymous pipes:
Stop unprivileged processes from reading pages of memory belonging to other processes with anonymous pipes.

0.3-Current users can verify they have the patch by checking sysctl kern.osreldate. If the value is 3005 or better, you have the patch.

Mai 21, 2009

This fix is only in configuration files for ssh and sshd. Users on p8 should simply add

Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
to their configuration files for sshd_config and ssh_config in etc/ssh

Avril 22, 2009

The function ASN1_STRING_print_ex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. MidnightBSD 0.2.1-RELEASE-p8 and 0.3-CURRENT include this fix.

Mars 26, 2009

Update for sudo that corrects several outstanding security advisories. This was corrected in 0.2.1-RELEASE-p7 and 0.3-CURRENT. 0.1.x is no longer receiving security patches. It is recommended that you upgrade to 0.2.1-RELEASE-p7 when possible.

Janvier 15, 2009

Prevent a DNSSEC attack with BIND. This was corrected in 0.2.1 and 0.3-CURRENT. 0.1.x is no longer receiving security patches. It is recommended that you upgrade to 0.2.1-RELEASE when possible.

Janvier 10, 2009

Fix two issues with MidnightBSD 0.2.1 and 0.3-CURRENT. The first is in OpenSSL and would allow applications that use OpenSSL to interpret an invalid certificate as valid. The second is in lukemftpd(8) that could allow long commands to be split into multiple commands.

Décembre 31, 2008

Correct a problem where bluetooth and netgraph sockets were not initialized properly. This is available in RELENG_0_2, RELENG_0_1, and current.

Novembre 24, 2008

Correct a problem in arc4random which causes the device not to get enough entropy for system services.  Geom classes initialized at startup will still have problems. Update your system to RELENG_0_2 (MidnightBSD 0.2.1-p3)

Spetembre 29, 2008

A vulnerability in ftpd could allow unauthorized access. This is network exploitable and affects all versions of MidnightBSD.
CVE-2008-4247
Update your system using cvs to RELENG_0_2 or apply the patch on the ftp server in pub/MidnightBSD/patches/0.2.1/patch-ftpd and rebuild ftpd.

Spetembre 4, 2008

ICMPv6 code does not properly check the proposed MTU in the case of a "Packet Too Big Message" Systems without IPV6 support are safe. You may update your systems or block the ICMP traffic from a firewall or router. (CURRENT/RELENG_0_2)

Spetembre 4, 2008

An issue has been reported on systems running MidnightBSD for amd64/emt64 processors. (in 64bit os) This patch was released AFTER 0.2.1-RELEASE. Update systems to RELENG_0_2 or CURRENT to get the fix. From the FreeBSD advisory on the same issue: If a General Protection Fault happens on a FreeBSD/amd64 system while it is returning from an interrupt, trap or system call, the swapgs CPU instruction may be called one extra time when it should not resulting in userland and kernel state being mixed.

Juillet 11, 2008

Update to bind 9.4.1 p1 to fix the recently reported vulnerability in most dns software. Users of BIND are recommended to update to the latest version in src on RELENG_0_2 or CURRENT, or to obtain a newer version from mports.

Mai 16, 2008

The Debian project made a patch to openssl causing a defect in the generation of ssh keys. A new utility was added to midnightbsd to detect these keys and deny them. This was applied to RELENG_0_2 and CURRENT. The utility was obtained from Ubuntu.

Avril 17, 2008

OpenSSH was updated to 5.0p1 in CURRENT to correct an issue with X11 forwarding. A patch for this issue was committed to RELENG_0_1 as well as a fix for a config file issue.

Avril 17, 2008

A Security issue was found in mksh. This only affected CURRENT users. The software was updated to r33d.

Avril 6, 2008

Bzip2 was updated to 1.05 in CURRENT to correct a security issue.

Avril 3, 2008

A security issue was found with strfmon in libc. CVE-2008-1391 Integer Overflow. This was fixed in CURRENT.

Février 15, 2008

CURRENT now has a patch to correct a potential security issue with sendfile. Files were not checked prior to serving which would allow a file that was write only to be served. While this scenario is rare, we decided to fix it anyway.
sendfile is used by many daemons including Apache httpd.

Août 1, 2007

BIND and Tcpdump were patched in 0.2 and 0.1 for recent security issues. BIND is now equivalent to 9.3.4p1.

Mai 2, 2007

CURRENT and STABLE both have the patch for IPV6 type 0 routing headers. The problem is that ipv6 routing headers could be run over the same link multiple times.

Mars 10, 2007

While many of the DST changes were imported last year, we decided to cover all cases and import the latest tzdata2007c. Users concerned about DST changes should update their sources and rebuild. The java ports may not have DST changes in place. We will review that issue.

Janvier 23, 2007

A "symlink" exploit was found in the MidnightBSD jail system. A fix was made available. Please update your /etc/rc.d/jail file from cvs. Patches will not be created until our first release.