| 1 |
|
Updating Information for MidnightBSD users. |
| 2 |
|
|
| 3 |
+ |
20150225: |
| 4 |
+ |
Fix two security vulnerabilities. |
| 5 |
+ |
|
| 6 |
+ |
1. BIND servers which are configured to perform DNSSEC validation and which |
| 7 |
+ |
are using managed keys (which occurs implicitly when using |
| 8 |
+ |
"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit |
| 9 |
+ |
unpredictable behavior due to the use of an improperly initialized |
| 10 |
+ |
variable. |
| 11 |
+ |
|
| 12 |
+ |
CVE-2015-1349 |
| 13 |
+ |
|
| 14 |
+ |
2. An integer overflow in computing the size of IGMPv3 data buffer can result |
| 15 |
+ |
in a buffer which is too small for the requested operation. |
| 16 |
+ |
|
| 17 |
+ |
This can result in a DOS attack. |
| 18 |
+ |
|
| 19 |
|
20141211: |
| 20 |
|
Fix a security issue with file and libmagic that can allow |
| 21 |
|
an attacker to create a denial of service attack on any |
