[Midnightbsd-users] MidnightBSD 0.7.3 RELEASE

Lucas Holt luke at foolishgames.com
Thu Jan 14 21:36:20 EST 2016


An update for MidnightBSD is now available from SVN, 0.7.3 RELEASE. 

This release includes the following security fixes:

	OpenSSL

	The signature verification routines will crash with a NULL pointer dereference
	if presented with an ASN.1 signature using the RSA PSS algorithm and absent
	mask generation function parameter. [CVE-2015-3194]

	When presented with a malformed X509_ATTRIBUTE structure, OpenSSL will leak
	memory. [CVE-2015-3195]

	If PSK identity hints are received by a multi-threaded client then the values
	are incorrectly updated in the parent SSL_CTX structure.  [CVE-2015-3196]
	
	linuxolator

	A programming error in the Linux compatibility layer setgroups(2) system
	call can lead to unexpected results, such as overwriting random kernel
	memory contents.

	A programming error in the handling of Linux futex robust lists may result
	in incorrect memory locations being accessed.

	0.7.2 RELEASE
	Fix a security issue with bsnmpd configuration file installation.

	TCP MD5 signature denial of service

        A programming error in processing a TCP connection with both TCP_MD5SIG
        and TCP_NOOPT socket options may lead to a kernel crash.

        SCTP

        A lack of proper input checks in the ICMPv6 processing in the SCTP stack
        can lead to either a failed kernel assertion or to a NULL pointer
        dereference.  In either case, a kernel panic will follow.

In addition, users who run on the stable branch will also get an update for OpenSSH that 
disables roaming capability in the client.


Lucas Holt
Luke at FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)






