Revision 7336 - Modified Wed Sep 30 13:07:57 2015 UTC by laffer1 - Diff to previous 7304
In rpcbind(8), netbuf structures are copied directly, which would result in
two netbuf structures that reference one shared address buffer. When one
of the two netbuf structures is freed, access to the other netbuf structure
would result in an undefined result that may crash the rpcbind(8) daemon.
Revision 7274 - Modified Tue Aug 25 22:11:08 2015 UTC by laffer1 - Diff to previous 7272
MidnightBSD 0.6.7 RELEASE
Fix security issues with amd64 register handling and OpenSSH w/ PAM enabled (default).
See UPDATING for details.
Revision 7272 - Modified Tue Aug 25 22:06:30 2015 UTC by laffer1 - Diff to previous 7270
fix a security issue on amd64 where the GS segment CPU register can be changed via a userland value in kernel mode by using an IRET with #SS or #NP exceptions.
Revision 7196 - Modified Wed Jul 29 00:38:43 2015 UTC by laffer1 - Diff to previous 7193
MidnightBSD 0.6.4
OpenSSH
Fix two security vulnerabilities:
OpenSSH clients do not correctly verify DNS SSHFP records when a server
offers a certificate. [CVE-2014-2653]
OpenSSH servers which are configured to allow password authentication
using PAM (default) would allow many password attempts. A bug allows
MaxAuthTries to be bypassed. [CVE-2015-5600]
Revision 7193 - Modified Wed Jul 29 00:31:36 2015 UTC by laffer1 - Diff to previous 7126
TCP Reassembly resource exhaustion bug:
There is a mistake with the introduction of VNET, which converted the
global limit on the number of segments that could belong to reassembly
queues into a per-VNET limit. Because mbufs are allocated from a
global pool, in the presence of a sufficient number of VNETs, the
total number of mbufs attached to reassembly queues can grow to the
total number of mbufs in the system, at which point all network
traffic would cease.
Obtained from: FreeBSD 8
Revision 7126 - Modified Wed Jul 22 15:00:50 2015 UTC by laffer1 - Diff to previous 7064
MidnightBSD 0.6.3 RELEASE
TCP connections transitioning to the LAST_ACK state can become permanently
stuck due to mishandling of protocol state in certain situations, which in
turn can lead to accumulated consumption and eventual exhaustion of system
resources, such as mbufs and sockets.
Revision 6994 - Modified Wed Apr 8 01:35:45 2015 UTC by laffer1 - Diff to previous 6990
0.5.11 RELEASE
Fix two security vulnerabilities:
The previous fix for IGMP had an overflow issue. This has been corrected.
ipv6: The Neighbor Discovery Protocol allows a local router to advertise a
suggested Current Hop Limit value of a link, which will replace the
Current Hop Limit on an interface connected to the link on the MidnightBSD
system.
Obtained from: FreeBSD
Revision 6990 - Modified Fri Mar 20 12:28:09 2015 UTC by laffer1 - Diff to previous 6989
update mksh to R50e as there are a number of regression bugs in the previous release that could cause users issues
Revision 6964 - Modified Wed Feb 25 14:32:10 2015 UTC by laffer1 - Diff to previous 6963
An integer overflow in computing the size of IGMPv3 data buffer can result
in a buffer which is too small for the requested operation.
This can result in a DOS attack.
Revision 6963 - Modified Wed Feb 25 14:30:33 2015 UTC by laffer1 - Diff to previous 6961
BIND servers which are configured to perform DNSSEC validation and which
are using managed keys (which occurs implicitly when using
"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
unpredictable behavior due to the use of an improperly initialized
variable.
CVE-2015-1349
Revision 6961 - Modified Wed Jan 14 22:53:09 2015 UTC by laffer1 - Diff to previous 6956
0.5.8 RELEASE
Fix several security issues with OpenSSL.
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL
due to a NULL pointer dereference. [CVE-2014-3571]
A memory leak can occur in the dtls1_buffer_record function under certain
conditions. [CVE-2015-0206]
When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference. [CVE-2014-3569]
An OpenSSL client will accept a handshake using an ephemeral ECDH
ciphersuite using an ECDSA certificate if the server key exchange message
is omitted. [CVE-2014-3572]
An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. [CVE-2015-0204]
An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. [CVE-2014-8275]
Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. [CVE-2014-3570]
Revision 6956 - Modified Thu Dec 11 13:12:26 2014 UTC by laffer1 - Diff to previous 6939
0.5.7 RELEASE
Fix a security issue with file and libmagic that can allow
an attacker to create a denial of service attack on any
program that uses libmagic.
Revision 6927 - Modified Wed Nov 5 03:42:01 2014 UTC by laffer1 - Diff to previous 6915
Fix two security issues:
1. sshd may link libpthread in the wrong order, shadowing libc functions and causing a possible DOS attack for connecting clients.
2. getlogin may leak kernel memory via a buffer that is copied without clearing.
Revision 6909 - Modified Fri Oct 31 23:21:12 2014 UTC by laffer1 - Diff to previous 6900
0.5.5 RELEASE fixes an issue with tnftp by updating to the latest release 20141031. See CVE-2014-8517 for details.
Revision 6881 - Modified Tue Oct 21 22:19:39 2014 UTC by laffer1 - Diff to previous 6880
0.5.3 RELEASE
Fix several security vulnerabilities in OpenSSL, routed, rtsold,
and namei with respect to Capsicum sandboxes looking up
nonexistent path names and leaking memory.
OpenSSL update adds some workarounds for the recent
POODLE vulnerability reported by Google.
The input path in routed(8) will accept queries from any source and
attempt to answer them. However, the output path assumes that the
destination address for the response is on a directly connected
network.
Due to a missing length check in the code that handles DNS parameters,
a malformed router advertisement message can result in a stack buffer
overflow in rtsold(8).
Revision 6880 - Modified Tue Oct 21 22:14:30 2014 UTC by laffer1 - Diff to previous 6879
The namei facility will leak a small amount of kernel memory every
time a sandboxed process looks up a nonexistent path name.
Obtained from: FreeBSD
Revision 6879 - Modified Tue Oct 21 22:13:27 2014 UTC by laffer1 - Diff to previous 6878
The input path in routed(8) will accept queries from any source and
attempt to answer them. However, the output path assumes that the
destination address for the response is on a directly connected
network.
Obtained from: FreeBSD
Revision 6878 - Modified Tue Oct 21 22:12:05 2014 UTC by laffer1 - Diff to previous 6877
Due to a missing length check in the code that handles DNS parameters,
a malformed router advertisement message can result in a stack buffer
overflow in rtsold(8).
Obtained from: FreeBSD
Revision 6877 - Modified Tue Oct 21 22:09:49 2014 UTC by laffer1 - Diff to previous 6854
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. [CVE-2014-3513].
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. [CVE-2014-3567].
The SSL protocol 3.0, as supported in OpenSSL and other products, supports
CBC mode encryption where it could not adequately check the integrity of
padding, because of the use of non-deterministic CBC padding. This
protocol weakness makes it possible for an attacker to obtain clear text
data through a padding-oracle attack.
Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE [CVE-2014-3566].
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol downgrade.
When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them. [CVE-2014-3568].
Obtained from: OpenSSL, FreeBSD
Revision 6769 - Modified Tue Sep 16 23:49:28 2014 UTC by laffer1 - Diff to previous 6767
0.4-RELEASE-p15
20140916:
Fix a security issue with TCP SYN.
When a segment with the SYN flag for an already existing connection arrives,
the TCP stack tears down the connection, bypassing a check that the
sequence number in the segment is in the expected window.
Revision 6767 - Modified Tue Sep 16 23:41:17 2014 UTC by laffer1 - Diff to previous 6756
20140916:
Fix a security issue with TCP SYN.
When a segment with the SYN flag for an already existing connection arrives,
the TCP stack tears down the connection, bypassing a check that the
sequence number in the segment is in the expected window.
Obtained from: FreeBSD
Revision 6756 - Modified Tue Sep 9 23:26:28 2014 UTC by laffer1 - Diff to previous 6755
0.4-RELEASE-p14
OpenSSL security patch:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
Revision 6755 - Modified Tue Sep 9 23:15:28 2014 UTC by laffer1 - Diff to previous 6753
OpenSSL security patch:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
Revision 6653 - Modified Wed Apr 30 12:23:07 2014 UTC by laffer1 - Diff to previous 6633
MidnightBSD 0.4-RELEASE-p10
Fix a TCP reassembly bug that could result in a DOS attack
of the system. It may be possible to obtain portions
of kernel memory as well.