[Midnightbsd-cvs] www [612] trunk: Add security update information for openssl release

laffer1 at midnightbsd.org
Thu Jul 2 16:42:12 EDT 2015


Revision: 612
          http://svnweb.midnightbsd.org/www/?rev=612
Author:   laffer1
Date:     2015-07-02 16:42:11 -0400 (Thu, 02 Jul 2015)
Log Message:
-----------
Add security update information for openssl release

Modified Paths:
--------------
    trunk/index.html
    trunk/security/index.html

Modified: trunk/index.html
===================================================================
--- trunk/index.html	2015-06-29 22:49:31 UTC (rev 611)
+++ trunk/index.html	2015-07-02 20:42:11 UTC (rev 612)
@@ -15,7 +15,7 @@
 		<meta property="og:title" content="MidnightBSD">
 		<meta property="og:description" content="MidnightBSD is a desktop operating system for x86 and x86-64 based PCs.">
 		<meta name="google-site-verification" content="UXeYyeq09VC4mCiCHwnLjorG3nxUoyOTcdhR0frXXpw">
-                <meta name="alexaVerifyID" content="pP_-WGlPDrDVXvxAfGsMp0R52to">
+		<meta name="alexaVerifyID" content="pP_-WGlPDrDVXvxAfGsMp0R52to">
 		<meta name="norton-safeweb-site-verification" content="x64m9skk6r62zazbxrrr16abm5i2xrk35q73q63fjbpkfuezh8lkdndy9hfplpxtllur8ryfprpp7cv6sl3cxgv1o1uy2t7e1ms36p5p0fte91e8wsiwx3783pehcbdx" />
 	</head>
 	
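Review bot: The only change in this hunk is the leading whitespace on the alexaVerifyID meta line (spaces replaced by tabs), which is unrelated to the security notice named in the log message. Either commit it separately or mention the whitespace cleanup in the log, so that the revision history for the security content stays easy to audit.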
@@ -73,28 +73,34 @@
 		<div id="security" class="col-md-4">
 			<h2><a href="security/">Security »</a></h2>
 			<blockquote>
-			<p class="date">March 19, 2015</p>
-			<p class="update">
-				0.5.10 RELEASE <br> OpenSSL Security update <br> A malformed elliptic curve 
-				private key file could cause a use-after-free condition in the d2i_ECPrivateKey 
-				function. [CVE-2015-0209] <br> An attempt to compare ASN.1 boolean types will 
-				cause the ASN1_TYPE_cmp function to crash with an invalid read. [CVE-2015-0286] 
-				<br> Reusing a structure in ASN.1 parsing may allow an attacker to cause memory 
-				corruption via an invalid write. [CVE-2015-0287] <br> The function X509_to_X509_REQ 
-				will crash with a NULL pointer dereference if the certificate key is invalid. 
-				[CVE-2015-0288] <br> The PKCS#7 parsing code does not handle missing outer 
-				ContentInfo correctly. [CVE-2015-0289] <br> A malicious client can trigger an 
-				OPENSSL_assert in servers that both support SSLv2 and enable export cipher 
-				suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293] 
-			</p>
-			<p class="more"><a href="security/#a20150319">Read more ...</a></p>
+				<p class="date">June 12, 2015</p>
+
+				<p class="update">0.6.1 RELEASE <br>
+					OpenSSL Security update - new version is OpenSSL 0.9.8zg
+				</p>
+
+				<p class="more">
+					<a href="security/index.html#a20150612">Read more ...</a>
+				</p>
 			</blockquote>
 			<blockquote>
-				<p class="date">February 25, 2015</p>
-				<p class="update">0.5.9 RELEASE <br> Fix two security vulnerabilities. <br> 1. BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable. <br> CVE-2015-1349 <br> 2. An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. <br> This can result in a DOS attack.</p>
-				<p class="more">
-					<a href="security/#aa20150225">Read more ...</a>
+				<p class="date">March 19, 2015</p>
+
+				<p class="update">
+					0.5.10 RELEASE <br> OpenSSL Security update <br> A malformed elliptic curve
+					private key file could cause a use-after-free condition in the d2i_ECPrivateKey
+					function. [CVE-2015-0209] <br> An attempt to compare ASN.1 boolean types will
+					cause the ASN1_TYPE_cmp function to crash with an invalid read. [CVE-2015-0286]
+					<br> Reusing a structure in ASN.1 parsing may allow an attacker to cause memory
+					corruption via an invalid write. [CVE-2015-0287] <br> The function X509_to_X509_REQ
+					will crash with a NULL pointer dereference if the certificate key is invalid.
+					[CVE-2015-0288] <br> The PKCS#7 parsing code does not handle missing outer
+					ContentInfo correctly. [CVE-2015-0289] <br> A malicious client can trigger an
+					OPENSSL_assert in servers that both support SSLv2 and enable export cipher
+					suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293]
 				</p>
+
+				<p class="more"><a href="security/index.html#a20150319">Read more ...</a></p>
 			</blockquote>
 		</div>
 

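Review bot: The new "Read more ..." links use security/index.html#a20150612 and security/index.html#a20150319, while the heading at the top of this same block still links to security/ and the removed lines used security/#...; pick one URL form for the whole block so the anchors resolve the same way however the server maps the directory index. The removed February 25 link pointed at #aa20150225, while the security page's blockquote id visible in the next file is a20150225, so that link was not matching its target; if the February entry returns to the front page, use the corrected fragment. The 0.6.1 teaser also names no CVE, unlike the March 19 teaser that follows it. A short list of the identifiers fixed would let readers judge urgency from the front page.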
Modified: trunk/security/index.html
===================================================================
--- trunk/security/index.html	2015-06-29 22:49:31 UTC (rev 611)
+++ trunk/security/index.html	2015-07-02 20:42:11 UTC (rev 612)
@@ -16,35 +16,60 @@
 				<a href="../" title="MidnightBSD Home">
 					MidnightBSD: The BSD For Everyone
 				</a>
-			</h1>
-		</div>
+				</h1>
+			</div>
 <!--#include virtual="/menu.html"-->
 		<div class="clear">
 		</div>
 		<div id="text">
 			<h2>
-				<img src="../images/oxygen/security32.png" alt=" " /> Security Updates
+				<img src="../images/oxygen/security32.png" alt=" "/> Security Updates
 			</h2>
+
+			<blockquote class="bluebox" id="a20150612">
+				<h3>
+					June 12, 2015
+				</h3>
+
+				<p>
+					0.6.1 RELEASE
+
+				<p>
+					OpenSSL Security update - new version is OpenSSL 0.9.8zg
+			</blockquote>
 			<blockquote class="bluebox" id="a20150319">
 				<h3>
 					March 19, 2015
 				</h3>
+
 				<p>
-					0.5.10 RELEASE 
+					0.5.10 RELEASE
+
 				<p>
-					OpenSSL Security update 
+					OpenSSL Security update
+
 				<p>
-					A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. [CVE-2015-0209] 
+					A malformed elliptic curve private key file could cause a use-after-free condition in the
+					d2i_ECPrivateKey function. [CVE-2015-0209]
+
 				<p>
-					An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. [CVE-2015-0286] 
+					An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an
+					invalid read. [CVE-2015-0286]
+
 				<p>
-					Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. [CVE-2015-0287] 
+					Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid
+					write. [CVE-2015-0287]
+
 				<p>
-					The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. [CVE-2015-0288] 
+					The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is
+					invalid. [CVE-2015-0288]
+
 				<p>
-					The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. [CVE-2015-0289] 
+					The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. [CVE-2015-0289]
+
 				<p>
-					A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293] 
+					A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable
+					export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293]
 			</blockquote>
 			<blockquote class="bluebox" id="a20150225">
 				<h3>
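Review bot: The added a20150612 entry states only "OpenSSL Security update - new version is OpenSSL 0.9.8zg" and lists no CVE identifiers or affected functions, whereas the a20150319 entry directly below itemises every issue with its CVE. Add the CVE list for the 0.9.8zg update, or a link to the upstream advisory, so a reader can tell what 0.6.1 actually fixes. The entry is dated June 12, 2015 although this revision is committed on 2015-07-02; confirm that June 12 is the intended release date rather than a placeholder. Two smaller points: the re-indented </h1> at the top of the hunk now sits at the same depth as the <a> it encloses, which looks like an accidental indent change, and the new <p> elements are left unclosed like the existing ones. Closing them would make the markup less dependent on parser recovery.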


