-001: RELIABILITY FIX: Nov 7, 2013
+001: RELIABILITY FIX: Nov 7, 2013All architectures
A crash can happen on
pflow(4)
@@ -100,7 +98,7 @@
-002: SECURITY FIX: Nov 7, 2013
+002: SECURITY FIX: Nov 7, 2013All architectures
A memory corruption vulnerability exists in the post-authentication sshd process
when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is
@@ -114,7 +112,7 @@
-003: RELIABILITY FIX: Nov 11, 2013
+003: RELIABILITY FIX: Nov 11, 2013All architectures
An unprivileged user may hang the system.
@@ -124,7 +122,7 @@
-004: SECURITY FIX: Nov 21, 2013
+004: SECURITY FIX: Nov 21, 2013All architectures
A problem exists in
nginx(8)
@@ -137,7 +135,7 @@
-005: RELIABILITY FIX: Dec 19, 2013
+005: RELIABILITY FIX: Dec 19, 2013Strict alignment architectures
In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of
the application. The i386, amd64, vax and m68k platforms aren't
@@ -148,7 +146,7 @@
-006: SECURITY FIX: Jan 10, 2014
+006: SECURITY FIX: Jan 10, 2014All architectures
A BDF font file containing a longer than expected string could overflow
a buffer on the stack in the X server.
@@ -159,7 +157,7 @@
-007: SECURITY FIX: April 8, 2014
+007: SECURITY FIX: April 8, 2014All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC6520) which can result in a leak of memory contents.
@@ -169,7 +167,7 @@
-008: SECURITY FIX: April 12, 2014
+008: SECURITY FIX: April 12, 2014All architectures
A use-after-free race condition in OpenSSL's read buffer may permit an attacker
to inject data from one connection into another.
@@ -179,7 +177,7 @@
-009: RELIABILITY FIX: May 1, 2014
+009: RELIABILITY FIX: May 1, 2014All architectures
An attacker can trigger generation of an SSL alert which could cause
a null pointer dereference.
@@ -189,7 +187,7 @@
-010: SECURITY FIX: May 24, 2014
+010: SECURITY FIX: May 24, 2014All architectures with X server
X Font Service Protocol & Font metadata file handling issues in libXfont
@@ -204,7 +202,7 @@
-011: SECURITY FIX: June 5, 2014
+011: SECURITY FIX: June 5, 2014All architectures
Sendmail was not properly closing file descriptions before executing programs.
This could enable local users to interfere with an open SMTP connection.
@@ -215,7 +213,7 @@
-012: SECURITY FIX: June 6, 2014
+012: SECURITY FIX: June 6, 2014All architectures
This patch contains a number of SSL library fixes.
@@ -224,7 +222,7 @@
-013: RELIABILITY FIX: July 30, 2014
+013: RELIABILITY FIX: July 30, 2014All architectures
Packets with illegal DHCP options can lead to memory exhaustion of
dhclient(8)
@@ -236,7 +234,7 @@
-014: SECURITY FIX: August 9, 2014
+014: SECURITY FIX: August 9, 2014All architectures
This patch contains a number of SSL library fixes.
@@ -245,7 +243,7 @@
-015: SECURITY FIX: October 1, 2014
+015: SECURITY FIX: October 1, 2014All architectures
nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual
host confusion attacks in some configurations.
@@ -256,7 +254,7 @@
-016: RELIABILITY FIX: October 20, 2014
+016: RELIABILITY FIX: October 20, 2014All architectures
Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
service in server applications.
@@ -266,7 +264,7 @@
-017: RELIABILITY FIX: October 20, 2014
+017: RELIABILITY FIX: October 20, 2014All architectures
Executable headers with an unaligned address will trigger a kernel panic.
@@ -277,6 +275,3 @@