! 013: RELIABILITY FIX: April 11, 2009All architectures
When pf attempts to perform translation on a specially crafted IP datagram,
a null pointer dereference will occur, resulting in a kernel panic.
--- 86,92 ----
! 013: RELIABILITY FIX: April 11, 2009All architectures
When pf attempts to perform translation on a specially crafted IP datagram,
a null pointer dereference will occur, resulting in a kernel panic.
***************
*** 109,115 ****
! 012: RELIABILITY FIX: April 8, 2009All architectures
The OpenSSL ASN.1 handling code could be forced to perform invalid memory
accesses through the use of certain invalid strings
--- 107,113 ----
! 012: RELIABILITY FIX: April 8, 2009All architectures
The OpenSSL ASN.1 handling code could be forced to perform invalid memory
accesses through the use of certain invalid strings
***************
*** 127,133 ****
! 011: SECURITY FIX: February 22, 2009All architectures
sudo(8) may allow a user listed in the sudoers file to run a command
as a different user than their access rule specifies when a Unix
--- 125,131 ----
! 011: SECURITY FIX: February 22, 2009All architectures
sudo(8) may allow a user listed in the sudoers file to run a command
as a different user than their access rule specifies when a Unix
***************
*** 140,146 ****
! 010: RELIABILITY FIX: February 18, 2009All architectures
bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
the process to terminate because of the resulting corrupt path.
--- 138,144 ----
! 010: RELIABILITY FIX: February 18, 2009All architectures
bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
the process to terminate because of the resulting corrupt path.
***************
*** 150,156 ****
! 009: RELIABILITY FIX: January 30, 2009All architectures
Upon reception of an invalid update with 4-byte AS attributes, bgpd -
adhering to the RFCs - closed the session to the neighbor.
--- 148,154 ----
! 009: RELIABILITY FIX: January 30, 2009All architectures
Upon reception of an invalid update with 4-byte AS attributes, bgpd -
adhering to the RFCs - closed the session to the neighbor.
***************
*** 163,169 ****
! 008: SECURITY FIX: January 14, 2009All architectures
named(8) did not correctly check the return value of a DSA verification
function, potentially allowing bypass of verification of DNSSEC DSA
--- 161,167 ----
! 008: SECURITY FIX: January 14, 2009All architectures
named(8) did not correctly check the return value of a DSA verification
function, potentially allowing bypass of verification of DNSSEC DSA
***************
*** 175,181 ****
! 007: SECURITY FIX: January 9, 2009All architectures
The OpenSSL libraries did not correctly check the return value from
certain verification functions, allowing validation to be bypassed and
--- 173,179 ----
! 007: SECURITY FIX: January 9, 2009All architectures
The OpenSSL libraries did not correctly check the return value from
certain verification functions, allowing validation to be bypassed and
***************
*** 189,195 ****
! 006: SECURITY FIX: October 2, 2008All architectures
The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
solicitation requests maybe allowing a nearby attacker to intercept traffic.
--- 187,193 ----
! 006: SECURITY FIX: October 2, 2008All architectures
The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
solicitation requests maybe allowing a nearby attacker to intercept traffic.
***************
*** 202,208 ****
! 005: RELIABILITY FIX: July 29, 2008All architectures
Some kinds of IPv6 usage would leak kernel memory (in particular, this path
was exercised by the named(8) patch for port randomization). Since INET6 is
--- 200,206 ----
! 005: RELIABILITY FIX: July 29, 2008All architectures
Some kinds of IPv6 usage would leak kernel memory (in particular, this path
was exercised by the named(8) patch for port randomization). Since INET6 is
***************
*** 213,221 ****
! 004: SECURITY FIX: July 23, 2008All architectures
! 2nd revision, July 23, 2008
A vulnerability has been found with BIND. An attacker could use this vulnerability
to poison the cache of a recursive resolving name server.
CVE-2008-1447.
--- 211,219 ----
! 004: SECURITY FIX: July 23, 2008All architectures
! 2nd revision, July 23, 2008
A vulnerability has been found with BIND. An attacker could use this vulnerability
to poison the cache of a recursive resolving name server.
CVE-2008-1447.
***************
*** 225,231 ****
! 003: SECURITY FIX: July 15, 2008All architectures
Multiple vulnerabilities have been discovered in X.Org.
RENDER Extension heap buffer overflow,
--- 223,229 ----
! 003: SECURITY FIX: July 15, 2008All architectures
Multiple vulnerabilities have been discovered in X.Org.
RENDER Extension heap buffer overflow,
***************
*** 244,250 ****
! 002: SECURITY FIX: April 3, 2008All architectures
Avoid possible hijacking of X11-forwarded connections with sshd(8)
by refusing to listen on a port unless all address families bind
--- 242,248 ----
! 002: SECURITY FIX: April 3, 2008All architectures
Avoid possible hijacking of X11-forwarded connections with sshd(8)
by refusing to listen on a port unless all address families bind
***************
*** 254,260 ****
! 001: SECURITY FIX: March 30, 2008All architectures
sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand
directive was in effect, allowing users with write access to this file to
--- 252,258 ----
! 001: SECURITY FIX: March 30, 2008All architectures
sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand
directive was in effect, allowing users with write access to this file to
***************
*** 267,272 ****