! 013: SECURITY FIX: February 16, 2011Little-endian architectures
PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were
not correctly handled on little-endian systems (alpha, amd64, arm, i386,
--- 85,91 ----
! 013: SECURITY FIX: February 16, 2011Little-endian architectures
PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were
not correctly handled on little-endian systems (alpha, amd64, arm, i386,
***************
*** 99,105 ****
! 012: SECURITY FIX: February 11, 2011All architectures
An incorrectly formatted ClientHello handshake message could cause
OpenSSL to parse past the end of the message. An attacker could use this flaw
--- 97,103 ----
! 012: SECURITY FIX: February 11, 2011All architectures
An incorrectly formatted ClientHello handshake message could cause
OpenSSL to parse past the end of the message. An attacker could use this flaw
***************
*** 117,123 ****
! 011: RELIABILITY FIX: January 13, 2011All architectures
sp_protocol in RTM_DELETE messages could contain garbage values
leading to routing socket users that restrict the AF (such as ospfd)
--- 115,121 ----
! 011: RELIABILITY FIX: January 13, 2011All architectures
sp_protocol in RTM_DELETE messages could contain garbage values
leading to routing socket users that restrict the AF (such as ospfd)
***************
*** 128,134 ****
! 010: RELIABILITY FIX: December 20, 2010All architectures
Bring CBC oracle attack countermeasures to hardware crypto accelerator land.
This fixes aes-ni, via xcrypt and various drivers
--- 126,132 ----
! 010: RELIABILITY FIX: December 20, 2010All architectures
Bring CBC oracle attack countermeasures to hardware crypto accelerator land.
This fixes aes-ni, via xcrypt and various drivers
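Review bot: In the context line "This fixes aes-ni, via xcrypt and various drivers", lowercase "via" reads as a preposition rather than as an item in the list, so it is unclear which drivers are covered. Write it as "aes-ni, VIA xcrypt and various drivers" if the vendor is meant. Separately, the entry describes CBC oracle attack countermeasures but the changed header keeps it as RELIABILITY FIX; either label it SECURITY FIX or add a sentence saying why the oracle is not considered exploitable here.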
***************
*** 145,151 ****
! 009: SECURITY FIX: December 17, 2010All architectures
Insufficent initialization of the pf rule structure in the ioctl
handler may allow userland to modify kernel memory. By default root
--- 143,149 ----
! 009: SECURITY FIX: December 17, 2010All architectures
Insufficent initialization of the pf rule structure in the ioctl
handler may allow userland to modify kernel memory. By default root
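Review bot: "Insufficent" in the first context line under the 009 header is misspelled on both the old and new sides, so this change touches the entry and leaves the typo in place. Correct it to "Insufficient" in the same commit.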
***************
*** 156,162 ****
! 008: RELIABILITY FIX: November 17, 2010All architectures
Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to
a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded
--- 154,160 ----
! 008: RELIABILITY FIX: November 17, 2010All architectures
Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to
a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded
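Review bot: The 008 header stays RELIABILITY FIX on both sides, while the text under it describes a parsing flaw "which could lead to a buffer overflow" in TLS servers. A memory-corruption bug reachable through TLS extension parsing is normally tracked as a security issue, so either relabel the entry SECURITY FIX or state in the entry why the impact is limited to a crash. "OpenSSL based" should also be hyphenated as "OpenSSL-based".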
***************
*** 168,174 ****
! 007: RELIABILITY FIX: September 14, 2010All architectures
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.
Clear the ITSDONE flag before issuing commands to the SCSI adapter. Fixes handling of retried SCSI commands.
--- 166,172 ----
! 007: RELIABILITY FIX: September 14, 2010All architectures
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.
Clear the ITSDONE flag before issuing commands to the SCSI adapter. Fixes handling of retried SCSI commands.
***************
*** 178,184 ****
! 006: RELIABILITY FIX: July 8, 2010All architectures
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.
--- 176,182 ----
! 006: RELIABILITY FIX: July 8, 2010All architectures
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.
***************
*** 187,193 ****
! 005: RELIABILITY FIX: May 14, 2010All architectures
Incorrectly initialized state updates can cause pfsync update storms.
--- 185,191 ----
! 005: RELIABILITY FIX: May 14, 2010All architectures
Incorrectly initialized state updates can cause pfsync update storms.
***************
*** 196,202 ****
! 004: SECURITY FIX: April 23, 2010All architectures
The combination of pfsync and IPSEC may crash the kernel.
--- 194,200 ----
! 002: RELIABILITY FIX: April 4, 2010All architectures
When updating sensors showing the state of RAID volumes
mpi(4)
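Review bot: The two sides of this hunk do not describe the same entry: the old side (196,202) shows 004, a SECURITY FIX dated April 23, 2010 about pfsync and IPSEC, while the new side (194,200) shows 002, a RELIABILITY FIX dated April 4, 2010 about mpi(4) sensors, and 003 appears on neither side. Confirm that no erratum was dropped, renumbered or reclassified, and split the hunk so each entry's old and new header lines can be compared directly. The 002 sentence also breaks off between "RAID volumes" and "mpi(4)" and needs its missing words checked against the source file.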
***************
*** 229,235 ****
! 001: RELIABILITY FIX: March 31, 2010All architectures
When decrypting packets, the internal decryption functions were not
paranoid enough in checking for underruns, which could potentially
--- 227,233 ----
! 001: RELIABILITY FIX: March 31, 2010All architectures
When decrypting packets, the internal decryption functions were not
paranoid enough in checking for underruns, which could potentially
***************
*** 242,247 ****