[Midnightbsd-cvs] src [6968] trunk/UPDATING: document security patches for bind and igmp
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Wed Feb 25 09:44:55 EST 2015
Revision: 6968
http://svnweb.midnightbsd.org/src/?rev=6968
Author: laffer1
Date: 2015-02-25 09:44:54 -0500 (Wed, 25 Feb 2015)
Log Message:
-----------
document security patches for bind and igmp
Modified Paths:
--------------
trunk/UPDATING
Modified: trunk/UPDATING
===================================================================
--- trunk/UPDATING 2015-02-25 14:43:47 UTC (rev 6967)
+++ trunk/UPDATING 2015-02-25 14:44:54 UTC (rev 6968)
@@ -1,5 +1,21 @@
Updating Information for MidnightBSD users.
+20150225:
+ Fix two security vulnerabilities.
+
+ 1. BIND servers which are configured to perform DNSSEC validation and which
+ are using managed keys (which occurs implicitly when using
+ "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
+ unpredictable behavior due to the use of an improperly initialized
+ variable.
+
+ CVE-2015-1349
+
+ 2. An integer overflow in computing the size of IGMPv3 data buffer can result
+ in a buffer which is too small for the requested operation.
+
+ This can result in a DOS attack.
+
20141211:
Fix a security issue with file and libmagic that can allow
an attacker to create a denial of service attack on any
More information about the Midnightbsd-cvs
mailing list