version 1.16, 2014/03/31 03:12:47 |
version 1.17, 2014/03/31 16:02:48 |
|
|
|
|
<ul> |
<ul> |
<li><a name="001_pflow"></a> |
<li><a name="001_pflow"></a> |
<font color="#009000"><strong>001: RELIABILITY FIX: Nov 7, 2013</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>001: RELIABILITY FIX: Nov 7, 2013</strong></font> |
|
<i>All architectures</i><br> |
A crash can happen on pflow(4) interface destruction. |
A crash can happen on pflow(4) interface destruction. |
|
|
<br> |
<br> |
|
|
<p> |
<p> |
|
|
<li><a name="002_sshgcm"></a> |
<li><a name="002_sshgcm"></a> |
<font color="#009000"><strong>002: SECURITY FIX: Nov 7, 2013</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>002: SECURITY FIX: Nov 7, 2013</strong></font> |
|
<i>All architectures</i><br> |
A memory corruption vulnerability exists in the post-authentication sshd process |
A memory corruption vulnerability exists in the post-authentication sshd process |
when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is |
when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is |
selected during kex exchange. |
selected during kex exchange. |
|
|
<p> |
<p> |
|
|
<li><a name="003_vnode"></a> |
<li><a name="003_vnode"></a> |
<font color="#009000"><strong>003: RELIABILITY FIX: Nov 11, 2013</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>003: RELIABILITY FIX: Nov 11, 2013</strong></font> |
|
<i>All architectures</i><br> |
An unprivileged user may hang the system. |
An unprivileged user may hang the system. |
|
|
<br> |
<br> |
|
|
<p> |
<p> |
|
|
<li><a name="004_nginx"></a> |
<li><a name="004_nginx"></a> |
<font color="#009000"><strong>004: SECURITY FIX: Nov 21, 2013</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>004: SECURITY FIX: Nov 21, 2013</strong></font> |
|
<i>All architectures</i><br> |
A problem exists in |
A problem exists in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nginx&sektion=8">nginx(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nginx&sektion=8">nginx(8)</a> |
which might allow an attacker to bypass security restrictions in certain |
which might allow an attacker to bypass security restrictions in certain |
|
|
<p> |
<p> |
|
|
<li><a name="005_sha512"></a> |
<li><a name="005_sha512"></a> |
<font color="#009000"><strong>005: RELIABILITY FIX: Dec 19, 2013</strong></font> <i>Strict alignment architectures</i><br> |
<font color="#009000"><strong>005: RELIABILITY FIX: Dec 19, 2013</strong></font> |
|
<i>Strict alignment architectures</i><br> |
In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of |
In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of |
the application. The i386, amd64, vax and m68k platforms aren't |
the application. The i386, amd64, vax and m68k platforms aren't |
affected. |
affected. |
|
|
<p> |
<p> |
|
|
<li><a name="006_libXfont"></a> |
<li><a name="006_libXfont"></a> |
<font color="#009000"><strong>006: SECURITY FIX: Jan 10, 2014</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>006: SECURITY FIX: Jan 10, 2014</strong></font> |
|
<i>All architectures</i><br> |
A BDF font file containing a longer than expected string could overflow |
A BDF font file containing a longer than expected string could overflow |
a buffer on the stack in the X server. |
a buffer on the stack in the X server. |
This issue was assigned CVE-2013-6462. |
This issue was assigned CVE-2013-6462. |