-013: RELIABILITY FIX: April 11, 2009
+013: RELIABILITY FIX: April 11, 2009All architectures
When pf attempts to perform translation on a specially crafted IP datagram,
a null pointer dereference will occur, resulting in a kernel panic.
@@ -109,7 +107,7 @@
-012: RELIABILITY FIX: April 8, 2009
+012: RELIABILITY FIX: April 8, 2009All architectures
The OpenSSL ASN.1 handling code could be forced to perform invalid memory
accesses through the use of certain invalid strings
@@ -127,7 +125,7 @@
-011: SECURITY FIX: February 22, 2009
+011: SECURITY FIX: February 22, 2009All architectures
sudo(8) may allow a user listed in the sudoers file to run a command
as a different user than their access rule specifies when a Unix
@@ -140,7 +138,7 @@
-010: RELIABILITY FIX: February 18, 2009
+010: RELIABILITY FIX: February 18, 2009All architectures
bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
the process to terminate because of the resulting corrupt path.
@@ -150,7 +148,7 @@
-009: RELIABILITY FIX: January 30, 2009
+009: RELIABILITY FIX: January 30, 2009All architectures
Upon reception of an invalid update with 4-byte AS attributes, bgpd -
adhering to the RFCs - closed the session to the neighbor.
@@ -163,7 +161,7 @@
-008: SECURITY FIX: January 14, 2009
+008: SECURITY FIX: January 14, 2009All architectures
named(8) did not correctly check the return value of a DSA verification
function, potentially allowing bypass of verification of DNSSEC DSA
@@ -175,7 +173,7 @@
-007: SECURITY FIX: January 9, 2009
+007: SECURITY FIX: January 9, 2009All architectures
The OpenSSL libraries did not correctly check the return value from
certain verification functions, allowing validation to be bypassed and
@@ -189,7 +187,7 @@
-006: SECURITY FIX: October 2, 2008
+006: SECURITY FIX: October 2, 2008All architectures
The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
solicitation requests maybe allowing a nearby attacker to intercept traffic.
@@ -202,7 +200,7 @@
-005: RELIABILITY FIX: July 29, 2008
+005: RELIABILITY FIX: July 29, 2008All architectures
Some kinds of IPv6 usage would leak kernel memory (in particular, this path
was exercised by the named(8) patch for port randomization). Since INET6 is
@@ -213,9 +211,9 @@
-004: SECURITY FIX: July 23, 2008
+004: SECURITY FIX: July 23, 2008All architectures
-2nd revision, July 23, 2008
+2nd revision, July 23, 2008
A vulnerability has been found with BIND. An attacker could use this vulnerability
to poison the cache of a recursive resolving name server.
CVE-2008-1447.
@@ -225,7 +223,7 @@
-003: SECURITY FIX: July 15, 2008
+003: SECURITY FIX: July 15, 2008All architectures
Multiple vulnerabilities have been discovered in X.Org.
RENDER Extension heap buffer overflow,
@@ -244,7 +242,7 @@
-002: SECURITY FIX: April 3, 2008
+002: SECURITY FIX: April 3, 2008All architectures
Avoid possible hijacking of X11-forwarded connections with sshd(8)
by refusing to listen on a port unless all address families bind
@@ -254,7 +252,7 @@
-001: SECURITY FIX: March 30, 2008
+001: SECURITY FIX: March 30, 2008All architectures
sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand
directive was in effect, allowing users with write access to this file to
@@ -267,6 +265,3 @@