[Midnightbsd-cvs] www [552] trunk/security/index.html: add more vulnerabilities
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Tue Sep 16 20:05:47 EDT 2014
Revision: 552
http://svnweb.midnightbsd.org/www/?rev=552
Author: laffer1
Date: 2014-09-16 20:05:46 -0400 (Tue, 16 Sep 2014)
Log Message:
-----------
add more vulnerabilities
Modified Paths:
--------------
trunk/security/index.html
Modified: trunk/security/index.html
===================================================================
--- trunk/security/index.html 2014-09-17 00:01:26 UTC (rev 551)
+++ trunk/security/index.html 2014-09-17 00:05:46 UTC (rev 552)
@@ -17,6 +17,40 @@
<div id="text">
<h2><img src="../images/oxygen/security32.png" alt="" /> Security Updates</h2>
+ <blockquote class="bluebox" id="a20140710">
+ <h3>July 10, 2014</h3>
+ <p>0.4-RELEASE-p13</p>
+ <p>Fix a vulnerability in the control message API. A buffer is not properly cleared
+ before sharing with userland.</p>
+ </blockquote>
+
+ <blockquote class="bluebox" id="a20140605">
+ <h3>June 5, 2014</h3>
+ <p>0.4-RELEASE-p12</p>
+ <p> OpenSSL vulnerabilities
+
+ Receipt of an invalid DTLS fragment on an OpenSSL DTLS client or server can
+ lead to a buffer overrun. [CVE-2014-0195]
+
+ Receipt of an invalid DTLS handshake on an OpenSSL DTLS client can lead the
+ code to unnecessary recurse. [CVE-2014-0221]
+
+ Carefully crafted handshake can force the use of weak keying material in
+ OpenSSL SSL/TLS clients and servers. [CVE-2014-0224]
+
+ Carefully crafted packets can lead to a NULL pointer deference in OpenSSL
+ TLS client code if anonymous ECDH ciphersuites are enabled. [CVE-2014-3470]</p>
+ </blockquote>
+
+ <blockquote class="bluebox" id="a20140604">
+ <h3>June 4, 2014</h3>
+ <p>0.4-RELEASE-p11</p>
+ <p>Sendmail failed to properly set close-on-exec for open file descriptors.</p>
+
+ <p>ktrace page fault kernel trace entries were set to an incorrect size which resulted
+ in a leak of information. </p>
+ </blockquote>
+
<blockquote class="bluebox" id="a20140430">
<h3>April 30, 2014</h3>
<p>0.4-RELEASE-p10</p>
More information about the Midnightbsd-cvs
mailing list