[Midnightbsd-cvs] www [552] trunk/security/index.html: add more vulnerabilities

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Tue Sep 16 20:05:47 EDT 2014 

Revision: 552
          http://svnweb.midnightbsd.org/www/?rev=552
Author:   laffer1
Date:     2014-09-16 20:05:46 -0400 (Tue, 16 Sep 2014)
Log Message:
-----------
add more vulnerabilities

Modified Paths:
--------------
    trunk/security/index.html

Modified: trunk/security/index.html
===================================================================
--- trunk/security/index.html	2014-09-17 00:01:26 UTC (rev 551)
+++ trunk/security/index.html	2014-09-17 00:05:46 UTC (rev 552)
@@ -17,6 +17,40 @@
 			<div id="text">
 				<h2><img src="../images/oxygen/security32.png" alt="" /> Security Updates</h2>
 
+				<blockquote class="bluebox" id="a20140710">	
+					<h3>July 10, 2014</h3>
+					<p>0.4-RELEASE-p13</p>
+					<p>Fix a vulnerability in the control message API. A buffer is not properly cleared
+        before sharing with userland.</p>
+				</blockquote>
+
+				<blockquote class="bluebox" id="a20140605">
+					<h3>June 5, 2014</h3>
+					<p>0.4-RELEASE-p12</p>
+					<p>   OpenSSL vulnerabilities
+
+        Receipt of an invalid DTLS fragment on an OpenSSL DTLS client or server can
+        lead to a buffer overrun. [CVE-2014-0195]
+
+        Receipt of an invalid DTLS handshake on an OpenSSL DTLS client can lead the
+        code to unnecessary recurse.  [CVE-2014-0221]
+
+        Carefully crafted handshake can force the use of weak keying material in
+        OpenSSL SSL/TLS clients and servers. [CVE-2014-0224]
+
+        Carefully crafted packets can lead to a NULL pointer deference in OpenSSL
+        TLS client code if anonymous ECDH ciphersuites are enabled. [CVE-2014-3470]</p>
+				</blockquote>
+
+				<blockquote class="bluebox" id="a20140604">
+					<h3>June 4, 2014</h3>
+					<p>0.4-RELEASE-p11</p>
+					<p>Sendmail failed to properly set close-on-exec for open file descriptors.</p>
+
+					<p>ktrace page fault kernel trace entries were set to an incorrect size which resulted
+        in a leak of information.	</p>
+				</blockquote>
+
 				<blockquote class="bluebox" id="a20140430">
 					<h3>April 30, 2014</h3>
 					<p>0.4-RELEASE-p10</p>

More information about the Midnightbsd-cvs mailing list