[Midnightbsd-cvs] www: index.html: Get caught up on some of the security issues.
laffer1 at midnightbsd.org
Fri Apr 25 10:19:19 EDT 2008
Log Message:
-----------
Get caught up on some of the security issues.
Modified Files:
--------------
www:
index.html (r1.34 -> r1.35)
-------------- next part --------------
Index: index.html
===================================================================
RCS file: /home/cvs/www/index.html,v
retrieving revision 1.34
retrieving revision 1.35
diff -L index.html -L index.html -u -r1.34 -r1.35
--- index.html
+++ index.html
@@ -148,6 +148,31 @@
<h3>Security</h3>
+
+<p>April 17, 2008<br />
+OpenSSH was updated to 5.0p1 in CURRENT to correct an issue with X11 forwarding. A patch for
+this issue was committed to RELENG_0_1 as well as a fix for a config file issue.
+</p>
+
+<p>
+A <a href="http://secunia.com/advisories/29803/">security issue</a> was found in mksh. This
+only affected CURRENT users. The software was updated to r33d</p>
+
+<p>April 6, 2008<br />
+bzip2 was updated to 1.05 in CURRENT to correct a security issue.
+</p>
+
+<p>April 3, 2008<br />
+A security issue was found with strfmon in libc.
+<a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1391">CVE-2008-1391</a> Integer Overflow.
+This was fixed in CURRENT.</p>
+
+<p>February 15, 2008<br />
+CURRENT now has a patch to correct a potential security issue with sendfile. Files were not checked prior to serving which would allow a file that was write only to be served. While this scenario is rare, we decided to fix it anyway.
+<br />
+sendfile is used by many daemons including Apache httpd.
+</p>
+
<p>August 1, 2007<br />
BIND and Tcpdump were patched in 0.2 and 0.1 for recent security issues. BIND is now equivalent to 9.3.4p1.
</p>
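Review bot: The April 17 OpenSSH entry and the April 6 bzip2 entry name no advisory or CVE, while the mksh and strfmon entries in the same hunk each link to one; add a reference link to both so readers can tell which issue was fixed and whether they are affected. In the bzip2 line, check whether "1.05" should read "1.0.5". The mksh line "The software was updated to r33d</p>" is missing its closing period and, unlike the other entries, carries no date line of its own, so it is unclear whether it belongs under April 17. In the February 15 sendfile entry, "write only" should be "write-only", and "Files were not checked prior to serving" would be clearer if it said what was not checked, since the rest of the sentence implies a missing read-permission check.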