-001: INSTALL ISSUE: May 1, 2015
+001: INSTALL ISSUE: May 1, 2015sparc64
The "miniroot" install method is broken (related to the addition of
softraid support). This method is used by the official CD 3 as
@@ -100,7 +98,7 @@
-002: SECURITY FIX: March 18, 2015
+002: SECURITY FIX: March 18, 2015All architectures
Buffer overflows in libXfont
@@ -113,7 +111,7 @@
-003: SECURITY FIX: March 19, 2015
+003: SECURITY FIX: March 19, 2015All architectures
Fix several crash causing defects from OpenSSL.
These include:
@@ -132,7 +130,7 @@
-004: RELIABILITY FIX: April 17, 2015
+004: RELIABILITY FIX: April 17, 2015All architectures
Fix a logic error in smtpd handling of SNI.
This could allow a remote user to crash the server or provoke a disconnect of other sessions.
@@ -142,7 +140,7 @@
-005: RELIABILITY FIX: April 30, 2015
+005: RELIABILITY FIX: April 30, 2015All architectures
A remote user can crash httpd by forcing the daemon to log to a file
before the logging system was initialized.
@@ -152,7 +150,7 @@
-006: SECURITY FIX: April 30, 2015
+006: SECURITY FIX: April 30, 2015All architectures
Malformed binaries could trigger kernel panics or view kernel memory.
@@ -161,7 +159,7 @@
-007: SECURITY FIX: April 30, 2015
+007: SECURITY FIX: April 30, 2015All architectures
Multiple issues in tar/pax/cpio:
@@ -176,7 +174,7 @@
-008: RELIABILITY FIX: June 11, 2015
+008: RELIABILITY FIX: June 11, 2015All architectures
Fix multiple reliability issues in smtpd:
@@ -188,7 +186,7 @@
-009: SECURITY FIX: June 11, 2015
+009: SECURITY FIX: June 11, 2015All architectures
Fix several defects from OpenSSL:
@@ -206,7 +204,7 @@
-010: SECURITY FIX: July 14, 2015
+010: SECURITY FIX: July 14, 2015All architectures
A TCP socket can become confused and not properly cleanup resources.
@@ -215,7 +213,7 @@
-011: RELIABILITY FIX: July 26, 2015
+011: RELIABILITY FIX: July 26, 2015All architectures
A kernel memory leak could be triggered by an unprivileged user in
a failure case when using execve under systrace.
@@ -225,7 +223,7 @@
-012: SECURITY FIX: July 26, 2015
+012: SECURITY FIX: July 26, 2015All architectures
The patch utility could be made to invoke arbitrary commands via
the obsolete RCS support when processing a crafted input file.
@@ -236,7 +234,7 @@
-013: SECURITY FIX: July 30, 2015
+013: SECURITY FIX: July 30, 2015All architectures
The patch utility could become desyncronized processing ed(1)-style diffs.
@@ -245,7 +243,7 @@
-014: SECURITY FIX: August 16, 2015
+014: SECURITY FIX: August 16, 2015All architectures
A change to sshd resulted in incorrect permissions being applied to pseudo
terminal devices, allowing local users to write to (but not read from) them.
@@ -255,7 +253,7 @@
-015: RELIABILITY FIX: September 28, 2015
+015: RELIABILITY FIX: September 28, 2015All architectures
Various problems were identified in relayd and merged back from
current to 5.7 in this maintanance update.
@@ -265,7 +263,7 @@
-016: RELIABILITY FIX: September 28, 2015
+016: RELIABILITY FIX: September 28, 2015All architectures
An incorrect operation in uvm could result in system panics.
@@ -274,7 +272,7 @@
-017: SECURITY FIX: October 1, 2015
+017: SECURITY FIX: October 1, 2015All architectures
Fix multiple reliability and security issues in smtpd:
@@ -293,7 +291,7 @@
-018: RELIABILITY FIX: October 14, 2015
+018: RELIABILITY FIX: October 14, 2015All architectures
A problem with timer kevents could result in a kernel hang (local denial
of service).
@@ -302,7 +300,7 @@
-019: RELIABILITY FIX: October 15, 2015
+019: RELIABILITY FIX: October 15, 2015All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
and memory leak, as reported by Qualys Security.
@@ -311,7 +309,7 @@
-020: RELIABILITY FIX: November 9, 2015
+020: RELIABILITY FIX: November 9, 2015All architectures
Insufficient validation of RSN element group cipher values in 802.11
beacons and probe responses could result in system panics.
@@ -320,7 +318,7 @@
-021: RELIABILITY FIX: Dec 3, 2015
+021: RELIABILITY FIX: Dec 3, 2015All architectures
A NULL pointer deference could be triggered by a crafted certificate sent to
services configured to verify client certificates on TLS/SSL connections.
@@ -329,7 +327,7 @@
-022: SECURITY FIX: January 14, 2016
+022: SECURITY FIX: January 14, 2016All architectures
Experimental roaming code in the ssh client could be tricked by a hostile sshd
server, potentially leaking key material. CVE-2016-0777 and CVE-0216-0778.
@@ -342,7 +340,7 @@
-024: SECURITY FIX: March 16, 2016
+024: SECURITY FIX: March 16, 2016All architectures
Insufficient checks in IPv6 socket binding and UDP IPv6 option
processing allow a local user to send UDP packets with a source
@@ -368,6 +366,3 @@