1 |
<!DOCTYPE html> |
2 |
<html lang="en-us"> |
3 |
<head> |
4 |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
5 |
<meta name="description" content="MidnightBSD is a desktop operating system for x86 and x86-64 based PCs."> |
6 |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
7 |
<title>MidnightBSD</title> |
8 |
<link rel="shortcut icon" href="favicon.ico"> |
9 |
<link href="https://plus.google.com/112694070346575096682/" rel="publisher"> |
10 |
<link rel="alternate" type="application/rss+xml" title="MidnightBSD Developer Blog" href="http://feedproxy.google.com/mnbsd"> |
11 |
<link rel="stylesheet" type="text/css" href="css/essence.css"> |
12 |
</head> |
13 |
<body> |
14 |
<div id="globe"> |
15 |
<div id="header"><h1 title="MidnightBSD Home"><a href="./" title="MidnightBSD Home">MidnightBSD: The BSD For Everyone</a></h1></div> |
16 |
<!--#include virtual="/menu.html"--> |
17 |
<div class="clear"></div> |
18 |
<div id="welcomebox"> |
19 |
<div class="clear"></div> |
20 |
<div id="welcome"> |
21 |
<h2>Welcome to MidnightBSD</h2> |
22 |
<blockquote> |
23 |
<p>MidnightBSD is a new BSD-derived operating system developed with desktop |
24 |
users in mind. It includes all the software you'd expect for your daily tasks |
25 |
— email, web browsing, |
26 |
word processing, gaming, |
27 |
and much more.</p> |
28 |
<p>With a small community of dedicated developers, MidnightBSD strives to |
29 |
create an easy-to-use operating system everyone can use, freely. Available |
30 |
for x86, AMD64 and as Virtual Machines.</p> |
31 |
</blockquote> |
32 |
</div> |
33 |
<div id="getbox"> |
34 |
<div id="gettext"> |
35 |
<h2><a href="download/">Get MidnightBSD</a></h2> |
36 |
<h3>Latest Release - 0.5.2</h3> |
37 |
<div id="getcd"><a href="download/" title="Get MidnightBSD"></a></div> |
38 |
<div class="clear"></div> |
39 |
<h4><a href="notes/">Release Notes</a></h4> |
40 |
</div> |
41 |
</div> |
42 |
</div> |
43 |
<div class="clear"></div> |
44 |
<div id="gravity" style="padding-top: 10px;"> |
45 |
<div id="news"> |
46 |
<h2><a href="news/">News »</a></h2> |
47 |
<!--#include file="mbsdblogsum.inc"--> |
48 |
</div> |
49 |
<div id="security"> |
50 |
<h2><a href="security/">Security »</a></h2> |
51 |
|
52 |
<blockquote> |
53 |
<p class="date">March 19, 2015</p> |
54 |
|
55 |
<p class="update">0.5.10 RELEASE |
56 |
<br> OpenSSL Security update |
57 |
<br> |
58 |
A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. [CVE-2015-0209] |
59 |
<br> |
60 |
An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. [CVE-2015-0286] |
61 |
<br> |
62 |
Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. [CVE-2015-0287] |
63 |
<br> |
64 |
The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. [CVE-2015-0288] |
65 |
<br> |
66 |
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. [CVE-2015-0289] |
67 |
<br> |
68 |
A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293] |
69 |
</p> |
70 |
<p class="more"><a href="security/#a20150319">Read more ...</a></p> |
71 |
</blockquote> |
72 |
|
73 |
<blockquote> |
74 |
<p class="date">February 25, 2015</p> |
75 |
<p class="update">0.5.9 RELEASE |
76 |
<br> |
77 |
Fix two security vulnerabilities. |
78 |
<br> |
79 |
1. BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable. |
80 |
<br> |
81 |
CVE-2015-1349 |
82 |
<br> |
83 |
2. An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. |
84 |
<br> |
85 |
This can result in a DOS attack.</p> |
86 |
<p class="more"><a href="security/#aa20150225">Read more ...</a><p> |
87 |
</blockquote> |
88 |
</div> |
89 |
<div id="tweets"> |
90 |
<a class="twitter-timeline" href="https://twitter.com/midnightbsd" data-widget-id="340874433373806593">Tweets by @midnightbsd</a> |
91 |
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> |
92 |
|
93 |
</div> |
94 |
</div> |
95 |
<!--#include virtual="/footer.html"--> |
96 |
</body> |
97 |
</html> |