| version 1.21, 2016/07/22 20:33:22 |
version 1.22, 2016/07/22 21:24:11 |
|
|
| <ul> |
<ul> |
| <li><tt>W^X</tt> is now strictly enforced by default; |
<li><tt>W^X</tt> is now strictly enforced by default; |
| a program can only violate it if the executable is marked with |
a program can only violate it if the executable is marked with |
| <tt>PT_OPENBSD_WXNEEDED</tt> and its is located on a filesystem |
<tt>PT_OPENBSD_WXNEEDED</tt> and it is located on a filesystem |
| mounted with the <tt>wxallowed</tt> |
mounted with the <tt>wxallowed</tt> |
| <a href="http://man.openbsd.org/mount.8">mount(8)</a> option. |
<a href="http://man.openbsd.org/mount.8">mount(8)</a> option. |
| <li>The <a href="http://man.openbsd.org/setjmp.3">setjmp(3)</a> |
<li>The <a href="http://man.openbsd.org/setjmp.3">setjmp(3)</a> |
|
|
| <li><a href="http://man.openbsd.org/sigreturn.2">sigreturn(2)</a> |
<li><a href="http://man.openbsd.org/sigreturn.2">sigreturn(2)</a> |
| can now only be used by the kernel-provided signal trampoline, |
can now only be used by the kernel-provided signal trampoline, |
| with a cookie to detect attempts to reuse it. |
with a cookie to detect attempts to reuse it. |
| <li>To deter code reuse exploits, in <a href="http://man.openbsd.org/rc.8">rc(8)</a>, |
<li>To deter code reuse exploits, <a href="http://man.openbsd.org/rc.8">rc(8)</a> |
| re-link libc.so on startup, placing the objects in a random order. |
re-links libc.so on startup, placing the objects in a random order. |
| <li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a> |
<li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a> |
| family of functions, stop opening the shadow database by default. |
family of functions, stop opening the shadow database by default. |
| <li>Allow <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a> |
<li>Allow <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a> |
|
|
| ensures that only <tt>GENERALIZEDTIME</tt> formats are accepted for |
ensures that only <tt>GENERALIZEDTIME</tt> formats are accepted for |
| OCSP, as per <i>RFC 6960</i>. |
OCSP, as per <i>RFC 6960</i>. |
| </ul> |
</ul> |
| <li>The following CVEs had been fixed: |
<li>The following CVEs have been fixed: |
| <ul> |
<ul> |
| <li><tt>CVE-2016-2105</tt>—EVP_EncodeUpdate overflow. |
<li><tt>CVE-2016-2105</tt>—EVP_EncodeUpdate overflow. |
| <li><tt>CVE-2016-2106</tt>—EVP_EncryptUpdate overflow. |
<li><tt>CVE-2016-2106</tt>—EVP_EncryptUpdate overflow. |
![[BACK]](/icons/back.gif){kind=icon}
Return to 60.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www