[Midnightbsd-cvs] src [6886] trunk/UPDATING: Mention security patches.
laffer1 at midnightbsd.org
Tue Oct 21 18:34:00 EDT 2014
Revision: 6886
http://svnweb.midnightbsd.org/src/?rev=6886
Author: laffer1
Date: 2014-10-21 18:34:00 -0400 (Tue, 21 Oct 2014)
Log Message:
-----------
Mention security patches. Note this list is not the same as 0.5 because of the different OpenSSL version in progress.
Modified Paths:
--------------
trunk/UPDATING
Modified: trunk/UPDATING
===================================================================
--- trunk/UPDATING 2014-10-21 22:32:29 UTC (rev 6885)
+++ trunk/UPDATING 2014-10-21 22:34:00 UTC (rev 6886)
@@ -1,5 +1,19 @@
Updating Information for MidnightBSD users.
+20141021:
+ Fix several security vulnerabilities in routed, rtsold,
+ and namei with respect to Capsicum sandboxes looking up
+ nonexistent path names and leaking memory.
+
+ The input path in routed(8) will accept queries from any source and
+ attempt to answer them. However, the output path assumes that the
+ destination address for the response is on a directly connected
+ network.
+
+ Due to a missing length check in the code that handles DNS parameters,
+ a malformed router advertisement message can result in a stack buffer
+ overflow in rtsold(8).
+
20141011:
mksh R50d - fix field splitting regression and null
pointer dereference
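Review bot: The opening sentence of the 20141021 entry runs the three fixes together, so "with respect to Capsicum sandboxes looking up nonexistent path names and leaking memory" reads as if it applies to routed and rtsold as well as namei. Suggest splitting it so that namei gets its own paragraph, as routed(8) and rtsold(8) do below it. The routed(8) paragraph also stops at the output path's assumption about a directly connected network without saying what happens when that assumption does not hold. The entry names no advisory identifiers and no update action (kernel versus world rebuild, daemon restart), which is what a reader of UPDATING needs. The commit message's point that this list differs from 0.5 because of the OpenSSL version is not reflected in the entry text and would be worth one line there.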