===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/68.html,v
retrieving revision 1.40
retrieving revision 1.41
diff -c -r1.40 -r1.41
*** www/68.html 2020/10/04 21:44:53 1.40
--- www/68.html 2020/10/04 22:12:48 1.41
***************
*** 328,348 ****
Rewrote the entropy enqueue ring to collect damage asynchronously and adapted the dequeue to mix a selection of "best" ring entries, exponentially backing off the dequeue timeout, to compensate rapidly for weak seeding in unidentifiable conditions and ensure quality to arc4random() calls early in boot.
Enabled PAN (Privileged Access Never) on arm64 CPUs supporting it.
Skipped scanning file systems which are both nodev and nosuid for SUID, SGID and device files with security(8).
!
!
! The following security bugs were addressed:
!
! - Fixed two out-of-bounds array accesses in ioctl code pathways in
! wscons(4).
!
- Fixed information leak in semctl SEM_GET.
!
- Prevented root from freezing the UTC clock with settimeofday(2) at securelevel 2.
!
- Fixed performance problems relating to tty subsystem abuse.
!
- Fixed heap corruption in the X input method client in libX11.
!
- Fixed potential information leak via X server pixel data uninitialized memory.
!
- Fixed a race condition for isoc devices during device close.
!
- Fixed an integer overflow in libX11 which could lead to a double free.
!
- Corrected multiple input validation deficits in X server extensions.
!
Routing daemons and other userland network improvements:
--- 328,343 ----
Rewrote the entropy enqueue ring to collect damage asynchronously and adapted the dequeue to mix a selection of "best" ring entries, exponentially backing off the dequeue timeout, to compensate rapidly for weak seeding in unidentifiable conditions and ensure quality to arc4random() calls early in boot.
Enabled PAN (Privileged Access Never) on arm64 CPUs supporting it.
Skipped scanning file systems which are both nodev and nosuid for SUID, SGID and device files with security(8).
! Fixed two out-of-bounds array accesses in ioctl code pathways in
! wscons(4).
! Fixed information leak in semctl SEM_GET.
! Prevented root from freezing the UTC clock with settimeofday(2) at securelevel 2.
! Fixed performance problems relating to tty subsystem abuse.
! Fixed heap corruption in the X input method client in libX11.
! Fixed potential information leak via X server pixel data uninitialized memory.
! Fixed a race condition for isoc devices during device close.
! Fixed an integer overflow in libX11 which could lead to a double free.
! Corrected multiple input validation deficits in X server extensions.
Routing daemons and other userland network improvements:
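Review bot: Dropping the "The following security bugs were addressed:" line (the `!` line just before the wscons(4) entry in the old 328,348 range) leaves the nine fix entries in the same flat list as hardening items such as "Enabled PAN (Privileged Access Never) on arm64 CPUs supporting it", so a reader scanning the release notes can no longer tell where addressed bugs begin and new mitigations end. If the goal is to clean up the list markup, consider keeping that sentence as its own list item ahead of the wscons(4) entry, or otherwise marking the start of the fixes. Minor style points in the new 328,343 range: the wscons(4) entry is still wrapped across two lines while every other entry sits on one, and "information leak via X server pixel data uninitialized memory" would read more clearly as "information leak via uninitialized memory in X server pixel data".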