! 001: RELIABILITY FIX: March 15, 2014All architectures
Memory corruption happens during
ICMP reflection handling. ICMP reflection is disabled by default.
--- 89,95 ----
! 001: RELIABILITY FIX: March 15, 2014All architectures
Memory corruption happens during
ICMP reflection handling. ICMP reflection is disabled by default.
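Review bot: The changed heading line for 001 reads identically on both sides of this hunk ("001: RELIABILITY FIX: March 15, 2014All architectures"), so the actual difference must be in markup or whitespace that this rendering does not show. Please state in the commit message what was changed, so a reviewer can confirm the edit is markup-only and applied the same way to every entry. On that same line the date runs straight into "All architectures" with no separator; if the page itself renders that way, add a line break or a space after the year.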
***************
*** 101,107 ****
! 002: SECURITY FIX: April 8, 2014All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC6520) which can result in a leak of memory contents.
--- 99,105 ----
! 002: SECURITY FIX: April 8, 2014All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC6520) which can result in a leak of memory contents.
***************
*** 111,117 ****
! 003: SECURITY FIX: April 9, 2014All architectures
Missing hostname check for HTTPS connections in the
ftp(1)
--- 109,115 ----
! 003: SECURITY FIX: April 9, 2014All architectures
Missing hostname check for HTTPS connections in the
ftp(1)
***************
*** 122,128 ****
! 004: SECURITY FIX: April 12, 2014All architectures
A use-after-free race condition in OpenSSL's read buffer may permit an attacker
to inject data from one connection into another.
--- 120,126 ----
! 004: SECURITY FIX: April 12, 2014All architectures
A use-after-free race condition in OpenSSL's read buffer may permit an attacker
to inject data from one connection into another.
***************
*** 132,138 ****
! 005: RELIABILITY FIX: May 1, 2014All architectures
An attacker can trigger generation of an SSL alert which could cause
a null pointer dereference.
--- 130,136 ----
! 005: RELIABILITY FIX: May 1, 2014All architectures
An attacker can trigger generation of an SSL alert which could cause
a null pointer dereference.
***************
*** 142,148 ****
! 006: SECURITY FIX: May 24, 2014All architectures with X server
X Font Service Protocol & Font metadata file handling issues in libXfont
--- 140,146 ----
! 006: SECURITY FIX: May 24, 2014All architectures with X server
X Font Service Protocol & Font metadata file handling issues in libXfont
***************
*** 157,163 ****
! 007: SECURITY FIX: June 5, 2014All architectures
Sendmail was not properly closing file descriptions before executing programs.
This could enable local users to interfere with an open SMTP connection.
--- 155,161 ----
! 007: SECURITY FIX: June 5, 2014All architectures
Sendmail was not properly closing file descriptions before executing programs.
This could enable local users to interfere with an open SMTP connection.
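Review bot: In the 007 entry, the context line "Sendmail was not properly closing file descriptions before executing programs." most likely means "file descriptors", since descriptors are what a process closes before exec. As this hunk already touches the entry's heading, consider correcting the wording in the same change.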
***************
*** 168,174 ****
! 008: SECURITY FIX: June 6, 2014All architectures
This patch contains a number of SSL library fixes.
--- 166,172 ----
! 008: SECURITY FIX: June 6, 2014All architectures
This patch contains a number of SSL library fixes.
***************
*** 177,183 ****
! 009: RELIABILITY FIX: July 30, 2014All architectures
Packets with illegal DHCP options can lead to memory exhaustion of
dhclient(8)
--- 175,181 ----
! 009: RELIABILITY FIX: July 30, 2014All architectures
Packets with illegal DHCP options can lead to memory exhaustion of
dhclient(8)
***************
*** 189,195 ****
! 010: SECURITY FIX: August 9, 2014All architectures
This patch contains a number of SSL library fixes.
--- 187,193 ----
! 010: SECURITY FIX: August 9, 2014All architectures
This patch contains a number of SSL library fixes.
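Review bot: The 010 summary, "This patch contains a number of SSL library fixes.", is word for word the same as the summary of 008, so a reader scanning the page cannot tell the June 6 and August 9 patches apart from the sentence shown. Consider naming the issues or CVE identifiers in the first sentence of each, the way entries 020 and 024 do.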
***************
*** 198,204 ****
! 011: SECURITY FIX: October 1, 2014All architectures
nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual
host confusion attacks in some configurations.
--- 196,202 ----
! 011: SECURITY FIX: October 1, 2014All architectures
nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual
host confusion attacks in some configurations.
***************
*** 209,215 ****
! 012: RELIABILITY FIX: October 20, 2014All architectures
Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
service in server applications.
--- 207,213 ----
! 012: RELIABILITY FIX: October 20, 2014All architectures
Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
service in server applications.
***************
*** 219,225 ****
! 013: RELIABILITY FIX: October 20, 2014All architectures
Executable headers with an unaligned address will trigger a kernel panic.
--- 217,223 ----
! 013: RELIABILITY FIX: October 20, 2014All architectures
Executable headers with an unaligned address will trigger a kernel panic.
***************
*** 228,234 ****
! 014: RELIABILITY FIX: November 17, 2014All architectures
A PF rule using an IPv4 address
followed by an IPv6 address and then a dynamic address, e.g. "pass
--- 226,232 ----
! 014: RELIABILITY FIX: November 17, 2014All architectures
A PF rule using an IPv4 address
followed by an IPv6 address and then a dynamic address, e.g. "pass
***************
*** 240,246 ****
! 015: RELIABILITY FIX: November 17, 2014All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
--- 238,244 ----
! 015: RELIABILITY FIX: November 17, 2014All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
***************
*** 249,255 ****
! 016: RELIABILITY FIX: December 5, 2014All architectures
Several bugs were fixed that allowed a crash from remote when an active pipex
session exists.
--- 247,253 ----
! 016: RELIABILITY FIX: December 5, 2014All architectures
Several bugs were fixed that allowed a crash from remote when an active pipex
session exists.
***************
*** 259,265 ****
! 017: RELIABILITY FIX: December 5, 2014All architectures
An incorrect memcpy call would result in corrupted MAC addresses when
using PPPOE.
--- 257,263 ----
! 017: RELIABILITY FIX: December 5, 2014All architectures
An incorrect memcpy call would result in corrupted MAC addresses when
using PPPOE.
***************
*** 269,275 ****
! 018: RELIABILITY FIX: December 9, 2014All architectures
Several bugs in virtio(4) can lead to hangs with virtio devices,
like vio(4) and vioblk(4).
--- 267,273 ----
! 018: RELIABILITY FIX: December 9, 2014All architectures
Several bugs in virtio(4) can lead to hangs with virtio devices,
like vio(4) and vioblk(4).
***************
*** 279,285 ****
! 019: SECURITY FIX: December 9, 2014All architectures
One year after Ilja van Sprundel discovered and reported a large number
of issues in the way the X server code base handles requests from X clients,
--- 277,283 ----
! 019: SECURITY FIX: December 9, 2014All architectures
One year after Ilja van Sprundel discovered and reported a large number
of issues in the way the X server code base handles requests from X clients,
***************
*** 292,298 ****
! 020: SECURITY FIX: January 13, 2015All architectures
Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD
base uses it for the programs: cu tmux ftp-proxy httpd ldapd relayd
--- 290,296 ----
! 020: SECURITY FIX: January 13, 2015All architectures
Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD
base uses it for the programs: cu tmux ftp-proxy httpd ldapd relayd
***************
*** 305,311 ****
! 021: SECURITY FIX: March 3, 2015All architectures
Information leak in the XkbSetGeometry request of X servers.
--- 303,309 ----
! 021: SECURITY FIX: March 3, 2015All architectures
Information leak in the XkbSetGeometry request of X servers.
***************
*** 317,323 ****
! 022: SECURITY FIX: March 13, 2015All architectures
Another fix for buffer overflows in malformed fonts.
--- 315,321 ----
! 022: SECURITY FIX: March 13, 2015All architectures
Another fix for buffer overflows in malformed fonts.
***************
*** 326,332 ****
! 023: SECURITY FIX: March 18, 2015All architectures
Buffer overflows in libXfont
--- 324,330 ----
! 023: SECURITY FIX: March 18, 2015All architectures
Buffer overflows in libXfont
***************
*** 339,345 ****
! 024: SECURITY FIX: March 19, 2015All architectures
Fix two possible crash causing defects.
CVE-2015-0286 - Apply fix from OpenSSL for ASN1_TYPE_cmp.
--- 337,343 ----
! 024: SECURITY FIX: March 19, 2015All architectures
Fix two possible crash causing defects.
CVE-2015-0286 - Apply fix from OpenSSL for ASN1_TYPE_cmp.
***************
*** 354,360 ****
! 025: RELIABILITY FIX: April 17, 2015All architectures
Fix a logic error in smtpd handling of SNI.
This could allow a remote user to crash the server or provoke a disconnect of other sessions.
--- 352,358 ----
! 025: RELIABILITY FIX: April 17, 2015All architectures
Fix a logic error in smtpd handling of SNI.
This could allow a remote user to crash the server or provoke a disconnect of other sessions.
***************
*** 366,371 ****