From luke at foolishgames.com  Wed Oct 22 08:30:14 2014
From: luke at foolishgames.com (Lucas Holt)
Date: Wed, 22 Oct 2014 12:30:14 -0000
Subject: [Midnightbsd-users] MidnightBSD 0.5.3-RELEASE
Message-ID: <1F26BE84-D56C-4C23-B4F2-8F3CA2887288@foolishgames.com>

MidnightBSD 0.5.3-RELEASE is now available via subversion. 

Fix several security vulnerabilities in OpenSSL, routed, rtsold,
and namei with respect to Capsicum sandboxes looking up
nonexistent path names and leaking memory.

OpenSSL update adds some workarounds for the recent
poodle vulnerability reported by Google.

The input path in routed(8) will accept queries from any source and
attempt to answer them.  However, the output path assumes that the
destination address for the response is on a directly connected
network.

Due to a missing length check in the code that handles DNS parameters,
a malformed router advertisement message can result in a stack buffer
overflow in rtsold(8).

In addition, we've released 0.5.2-RELEASE ISOs on the FTP server for both amd64 and i386. 
We plan to do rollup security releases periodically.


Lucas Holt
Luke at FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)