Revision 6909 - Modified Fri Oct 31 23:21:12 2014 UTC (9 years, 6 months ago) by laffer1
0.5.5 RELEASE fixes an issue with tnftp by updating to the latest release 20141031. See CVE-2014-8517 for details
Revision 6881 - Modified Tue Oct 21 22:19:39 2014 UTC (9 years, 6 months ago) by laffer1
0.5.3 RELEASE
Fix several security vulnerabilities in OpenSSL, routed, rtsold,
and namei with respect to Capsicum sandboxes looking up
nonexistent path names and leaking memory.
OpenSSL update adds some workarounds for the recent
POODLE vulnerability reported by Google.
The input path in routed(8) will accept queries from any source and
attempt to answer them. However, the output path assumes that the
destination address for the response is on a directly connected
network.
Due to a missing length check in the code that handles DNS parameters,
a malformed router advertisement message can result in a stack buffer
overflow in rtsold(8).
Revision 6880 - Modified Tue Oct 21 22:14:30 2014 UTC (9 years, 6 months ago) by laffer1
The namei facility will leak a small amount of kernel memory every
time a sandboxed process looks up a nonexistent path name.
Obtained from: FreeBSD
Revision 6879 - Modified Tue Oct 21 22:13:27 2014 UTC (9 years, 6 months ago) by laffer1
The input path in routed(8) will accept queries from any source and
attempt to answer them. However, the output path assumes that the
destination address for the response is on a directly connected
network.
Obtained from: FreeBSD
Revision 6878 - Modified Tue Oct 21 22:12:05 2014 UTC (9 years, 6 months ago) by laffer1
Due to a missing length check in the code that handles DNS parameters,
a malformed router advertisement message can result in a stack buffer
overflow in rtsold(8).
Obtained from: FreeBSD
Revision 6877 - Modified Tue Oct 21 22:09:49 2014 UTC (9 years, 6 months ago) by laffer1
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. [CVE-2014-3513].
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. [CVE-2014-3567].
The SSL protocol 3.0, as supported in OpenSSL and other products, supports
CBC mode encryption where it could not adequately check the integrity of
padding, because of the use of non-deterministic CBC padding. This
protocol weakness makes it possible for an attacker to obtain clear text
data through a padding-oracle attack.
Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE [CVE-2014-3566].
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol downgrade.
When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them. [CVE-2014-3568].
Obtained from: OpenSSL, FreeBSD
Revision 6769 - Modified Tue Sep 16 23:49:28 2014 UTC (9 years, 7 months ago) by laffer1
0.4-RELEASE-p15
20140916:
Fix a security issue with TCP SYN.
When a segment with the SYN flag for an already existing connection arrives,
the TCP stack tears down the connection, bypassing a check that the
sequence number in the segment is in the expected window.
Revision 6767 - Modified Tue Sep 16 23:41:17 2014 UTC (9 years, 7 months ago) by laffer1
20140916:
Fix a security issue with TCP SYN.
When a segment with the SYN flag for an already existing connection arrives,
the TCP stack tears down the connection, bypassing a check that the
sequence number in the segment is in the expected window.
Obtained from: FreeBSD
Revision 6756 - Modified Tue Sep 9 23:26:28 2014 UTC (9 years, 7 months ago) by laffer1
0.4-RELEASE-p14
OpenSSL security patch:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
Revision 6755 - Modified Tue Sep 9 23:15:28 2014 UTC (9 years, 7 months ago) by laffer1
OpenSSL security patch:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
Revision 6653 - Modified Wed Apr 30 12:23:07 2014 UTC (10 years ago) by laffer1
MidnightBSD 0.4-RELEASE-p10
Fix a TCP reassembly bug that could result in a DOS attack
of the system. It may be possible to obtain portions
of kernel memory as well.