[Midnightbsd-cvs] src [6881] stable/0.5: 0.5.3 RELEASE

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Tue Oct 21 18:19:39 EDT 2014 

Revision: 6881
          http://svnweb.midnightbsd.org/src/?rev=6881
Author:   laffer1
Date:     2014-10-21 18:19:39 -0400 (Tue, 21 Oct 2014)
Log Message:
-----------
   0.5.3 RELEASE

        Fix several security vulnerabilities in OpenSSL, routed, rtsold,
        and namei with respect to Capsicum sandboxes looking up
        nonexistent path names and leaking memory.

        OpenSSL update adds some workarounds for the recent
        poodle vulnerability reported by Google.

        The input path in routed(8) will accept queries from any source and
        attempt to answer them.  However, the output path assumes that the
        destination address for the response is on a directly connected
        network.

        Due to a missing length check in the code that handles DNS parameters,
        a malformed router advertisement message can result in a stack buffer
        overflow in rtsold(8).

Modified Paths:
--------------
    stable/0.5/UPDATING
    stable/0.5/sys/conf/newvers.sh

Modified: stable/0.5/UPDATING
===================================================================
--- stable/0.5/UPDATING	2014-10-21 22:14:30 UTC (rev 6880)
+++ stable/0.5/UPDATING	2014-10-21 22:19:39 UTC (rev 6881)
@@ -1,12 +1,32 @@
 Updating Information for MidnightBSD users.
 
+20141021:
+	0.5.3 RELEASE
+
+	Fix several security vulnerabilities in OpenSSL, routed, rtsold,
+	and namei with respect to Capsicum sandboxes looking up
+	nonexistent path names and leaking memory. 
+
+	OpenSSL update adds some workarounds for the recent
+	poodle vulnerability reported by Google.
+
+	The input path in routed(8) will accept queries from any source and
+	attempt to answer them.  However, the output path assumes that the
+	destination address for the response is on a directly connected
+	network.
+
+	Due to a missing length check in the code that handles DNS parameters,
+	a malformed router advertisement message can result in a stack buffer
+	overflow in rtsold(8).
+
 20141011:
-	0.5.2
+	0.5.2 RELEASE
 
 	mksh R50d - R50c had a regression with field splitting.
 
 20141004:
-	0.5.1 
+	0.5.1 RELEASE
+
 	mksh R50c is a minor security update to fix an issue with the
 	handling of environment variables that could provide a limited
 	attack vector.

Modified: stable/0.5/sys/conf/newvers.sh
===================================================================
--- stable/0.5/sys/conf/newvers.sh	2014-10-21 22:14:30 UTC (rev 6880)
+++ stable/0.5/sys/conf/newvers.sh	2014-10-21 22:19:39 UTC (rev 6881)
@@ -32,7 +32,7 @@
 # $MidnightBSD: src/sys/conf/newvers.sh,v 1.9 2012/10/07 14:18:18 laffer1 Exp $
 
 TYPE="MidnightBSD"
-REVISION="0.5.2"
+REVISION="0.5.3"
 BRANCH="RELEASE"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}

More information about the Midnightbsd-cvs mailing list