[Midnightbsd-cvs] src: /src: 0.4-RELEASE-p2 Fix two security vulnerabilities.
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Aug 22 07:55:33 EDT 2013
Log Message:
-----------
0.4-RELEASE-p2
Fix two security vulnerabilities.
Fix an integer overflow in IP_MSFILTER (IP MULTICAST). This could be exploited to read memory by a user process.
When initializing the SCTP state cookie being sent in INIT-ACK chunks,
a buffer allocated from the kernel stack is not completely initialized.
Patches obtained from: FreeBSD
Tags:
----
RELENG_0_4
Modified Files:
--------------
src:
UPDATING (r1.170.2.3 -> r1.170.2.4)
(http://cvsweb.midnightbsd.org/src/UPDATING?r1=1.170.2.3&r2=1.170.2.4)
src/sys/conf:
newvers.sh (r1.9.2.3 -> r1.9.2.4)
(http://cvsweb.midnightbsd.org/src/sys/conf/newvers.sh?r1=1.9.2.3&r2=1.9.2.4)
src/sys/netinet:
in_mcast.c (r1.5 -> r1.5.2.1)
(http://cvsweb.midnightbsd.org/src/sys/netinet/in_mcast.c?r1=1.5&r2=1.5.2.1)
sctp_output.c (r1.5 -> r1.5.2.1)
(http://cvsweb.midnightbsd.org/src/sys/netinet/sctp_output.c?r1=1.5&r2=1.5.2.1)
src/sys/netinet6:
in6_mcast.c (r1.2 -> r1.2.2.1)
(http://cvsweb.midnightbsd.org/src/sys/netinet6/in6_mcast.c?r1=1.2&r2=1.2.2.1)
More information about the Midnightbsd-cvs
mailing list