www/trunk/index.html

<!DOCTYPE html>
<html lang="en-us">
        <head>
                <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
                <meta name="description" content="MidnightBSD is a desktop operating system for x86 and x86-64 based PCs.">
                <meta name="viewport" content="width=device-width, initial-scale=1">
                <title>MidnightBSD</title>
                <link rel="shortcut icon" href="favicon.ico">
                <link href="https://plus.google.com/112694070346575096682/" rel="publisher">
                <link  rel="alternate" type="application/rss+xml" title="MidnightBSD Developer Blog" href="http://feedproxy.google.com/mnbsd">
                <link rel="stylesheet" type="text/css" href="css/essence.css">
        </head>
        <body>
                <div id="globe">
                        <div id="header"><h1 title="MidnightBSD Home"><a href="./" title="MidnightBSD Home">MidnightBSD: The BSD For Everyone</a></h1></div>
                    <!--#include virtual="/menu.html"-->
                        <div class="clear"></div>
                        <div id="welcomebox">
                                <div class="clear"></div>
                                <div id="welcome">
                                        <h2>Welcome to MidnightBSD</h2>
                                        <blockquote>
                                                <p>MidnightBSD is a new BSD-derived operating system developed with desktop 
                                                users in mind. It includes all the software you'd expect for your daily tasks 
                                                &#8212; email, web browsing, 
                                                word processing, gaming, 
                                                and much more.</p>
                                                <p>With a small community of dedicated developers, MidnightBSD strives to 
                                                create an easy-to-use operating system everyone can use, freely. Available 
                                                for x86, AMD64 and as Virtual Machines.</p>
                                        </blockquote>
                                </div>
                                <div id="getbox">
                                        <div id="gettext">
                                                <h2><a href="download/">Get MidnightBSD</a></h2>
                                                <h3>Latest Release - 0.5.2</h3>
                                                <div id="getcd"><a href="download/" title="Get MidnightBSD"></a></div>
                                                <div class="clear"></div>
                                                <h4><a href="notes/">Release Notes</a></h4>
                                        </div>
                                </div>
                        </div>
                        <div class="clear"></div>
                        <div id="gravity" style="padding-top: 10px;">
                                <div id="news">
                                        <h2><a href="news/">News &#187;</a></h2>
                                <!--#include file="mbsdblogsum.inc"-->
                                </div>
                                <div id="security">
                                        <h2><a href="security/">Security &#187;</a></h2>
                                        
                                        <blockquote>
                                                <p class="date">March 19, 2015</p>

                                                <p class="update">0.5.10 RELEASE
                                                <br>         OpenSSL Security update
                                <br>
                                        A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. [CVE-2015-0209]
                                <br>
                                        An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. [CVE-2015-0286]
                                <br>
                                        Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. [CVE-2015-0287]
                               <br>
                                        The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. [CVE-2015-0288]
                                <br>
                                        The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. [CVE-2015-0289]
                              <br>
                                        A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293]
                                </p>
                                                <p class="more"><a href="security/#a20150319">Read more ...</a></p>
                                        </blockquote>

                                         <blockquote>
                        <p class="date">February 25, 2015</p>
                        <p class="update">0.5.9 RELEASE
                                                <br>  
                                        Fix two security vulnerabilities.
                                <br>
                                        1. BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable.
                               <br>
                                        CVE-2015-1349
                                <br>
                                        2. An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation.
                             <br>
                                        This can result in a DOS attack.</p>
                                                <p class="more"><a href="security/#aa20150225">Read more ...</a><p>
                                        </blockquote>
                                </div>
                                <div id="tweets">
<a class="twitter-timeline" href="https://twitter.com/midnightbsd" data-widget-id="340874433373806593">Tweets by @midnightbsd</a>
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>

                                </div>
                        </div>
<!--#include virtual="/footer.html"-->
        </body>
</html>
Revision:	587
Committed:	Fri Mar 20 23:56:35 2015 UTC (9 years, 2 months ago) by laffer1
Content type:	text/html
File size:	5343 byte(s)
Log Message:	security updates
#	Content
1	<!DOCTYPE html>
2	<html lang="en-us">
3	<head>
4	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
5	<meta name="description" content="MidnightBSD is a desktop operating system for x86 and x86-64 based PCs.">
6	<meta name="viewport" content="width=device-width, initial-scale=1">
7	<title>MidnightBSD</title>
8	<link rel="shortcut icon" href="favicon.ico">
9	<link href="https://plus.google.com/112694070346575096682/" rel="publisher">
10	<link rel="alternate" type="application/rss+xml" title="MidnightBSD Developer Blog" href="http://feedproxy.google.com/mnbsd">
11	<link rel="stylesheet" type="text/css" href="css/essence.css">
12	</head>
13	<body>
14	<div id="globe">
15	<div id="header"><h1 title="MidnightBSD Home"><a href="./" title="MidnightBSD Home">MidnightBSD: The BSD For Everyone</a></h1></div>
16	<!--#include virtual="/menu.html"-->
17	<div class="clear"></div>
18	<div id="welcomebox">
19	<div class="clear"></div>
20	<div id="welcome">
21	<h2>Welcome to MidnightBSD</h2>
22	<blockquote>
23	<p>MidnightBSD is a new BSD-derived operating system developed with desktop
24	users in mind. It includes all the software you'd expect for your daily tasks
25	— email, web browsing,
26	word processing, gaming,
27	and much more.</p>
28	<p>With a small community of dedicated developers, MidnightBSD strives to
29	create an easy-to-use operating system everyone can use, freely. Available
30	for x86, AMD64 and as Virtual Machines.</p>
31	</blockquote>
32	</div>
33	<div id="getbox">
34	<div id="gettext">
35	<h2><a href="download/">Get MidnightBSD</a></h2>
36	<h3>Latest Release - 0.5.2</h3>
37	<div id="getcd"><a href="download/" title="Get MidnightBSD"></a></div>
38	<div class="clear"></div>
39	<h4><a href="notes/">Release Notes</a></h4>
40	</div>
41	</div>
42	</div>
43	<div class="clear"></div>
44	<div id="gravity" style="padding-top: 10px;">
45	<div id="news">
46	<h2><a href="news/">News »</a></h2>
47	<!--#include file="mbsdblogsum.inc"-->
48	</div>
49	<div id="security">
50	<h2><a href="security/">Security »</a></h2>
51
52	<blockquote>
53	<p class="date">March 19, 2015</p>
54
55	<p class="update">0.5.10 RELEASE
56	<br> OpenSSL Security update
57	<br>
58	A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. [CVE-2015-0209]
59	<br>
60	An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. [CVE-2015-0286]
61	<br>
62	Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. [CVE-2015-0287]
63	<br>
64	The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. [CVE-2015-0288]
65	<br>
66	The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. [CVE-2015-0289]
67	<br>
68	A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293]
69	</p>
70	<p class="more"><a href="security/#a20150319">Read more ...</a></p>
71	</blockquote>
72
73	<blockquote>
74	<p class="date">February 25, 2015</p>
75	<p class="update">0.5.9 RELEASE
76	<br>
77	Fix two security vulnerabilities.
78	<br>
79	1. BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable.
80	<br>
81	CVE-2015-1349
82	<br>
83	2. An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation.
84	<br>
85	This can result in a DOS attack.</p>
86	<p class="more"><a href="security/#aa20150225">Read more ...</a><p>
87	</blockquote>
88	</div>
89	<div id="tweets">
90	<a class="twitter-timeline" href="https://twitter.com/midnightbsd" data-widget-id="340874433373806593">Tweets by @midnightbsd</a>
91	<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
92
93	</div>
94	</div>
95	<!--#include virtual="/footer.html"-->
96	</body>
97	</html>