-001: SECURITY FIX: August 30, 2015
+001: SECURITY FIX: August 30, 2015All architectures
Inverted logic made PermitRootLogin "prohibit-password" unsafe.
Use "no" (which is the installer default), or apply the following patch.
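Review bot: On the added heading line, "All architectures" follows the date with no separator ("August 30, 2015All architectures"), and the same pattern repeats in every hunk of this patch. If the architecture label is meant to read as its own field, put a space or a line break between the date and the label, or confirm that the rendered page separates them.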
@@ -100,7 +98,7 @@
-002: INTEROPERABILITY FIX: August 30, 2015
+002: INTEROPERABILITY FIX: August 30, 2015All architectures
LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
include TLS extensions, resulting in such handshakes being aborted.
@@ -110,7 +108,7 @@
-003: RELIABILITY FIX: September 28, 2015
+003: RELIABILITY FIX: September 28, 2015All architectures
An incorrect operation in uvm could result in system panics.
@@ -119,7 +117,7 @@
-004: SECURITY FIX: October 1, 2015
+004: SECURITY FIX: October 1, 2015All architectures
Fix multiple reliability and security issues in smtpd:
@@ -138,7 +136,7 @@
-005: RELIABILITY FIX: October 14, 2015
+005: RELIABILITY FIX: October 14, 2015All architectures
A problem with timer kevents could result in a kernel hang (local denial
of service).
@@ -147,7 +145,7 @@
-006: RELEASE CD ISSUE: Oct 18, 2015
+006: RELEASE CD ISSUE: Oct 18, 2015All architectures
The "src.tar.gz" file on the source tree was created on the wrong day,
and does not match the 5.8 release builds.
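Review bot: The 006 heading abbreviates the month ("Oct 18, 2015") while the neighbouring entries spell it out ("October 14, 2015", "October 15, 2015"). Since this line is being rewritten anyway, use "October 18, 2015". The date also falls after 007's October 15 while being numbered before it, so it is worth checking against the erratum's issue date.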
@@ -158,7 +156,7 @@
-007: RELIABILITY FIX: October 15, 2015
+007: RELIABILITY FIX: October 15, 2015All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
and memory leak, as reported by Qualys Security.
@@ -167,7 +165,7 @@
-008: RELIABILITY FIX: November 9, 2015
+008: RELIABILITY FIX: November 9, 2015All architectures
Insufficient validation of RSN element group cipher values in 802.11
beacons and probe responses could result in system panics.
@@ -176,7 +174,7 @@
-009: RELIABILITY FIX: Dec 3, 2015
+009: RELIABILITY FIX: Dec 3, 2015All architectures
A NULL pointer dereference could be triggered by a crafted certificate sent to
services configured to verify client certificates on TLS/SSL connections.
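Review bot: The 009 heading uses "Dec 3, 2015" where the rest of the list spells the month out. Change it to "December 3, 2015" in the added line so the headings are uniform.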
@@ -185,7 +183,7 @@
-010: SECURITY FIX: January 14, 2016
+010: SECURITY FIX: January 14, 2016All architectures
Experimental roaming code in the ssh client could be tricked by a hostile sshd
server, potentially leaking key material. CVE-2016-0777 and CVE-0216-0778.
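Review bot: The context line under the 010 heading reads "CVE-2016-0777 and CVE-0216-0778"; the second identifier has its year digits transposed and should be CVE-2016-0778. The patch already touches this entry, so fix the identifier in the same change, since anyone searching the page for the CVE will not find it as written.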
@@ -198,7 +196,7 @@
-012: SECURITY FIX: March 16, 2016
+012: SECURITY FIX: March 16, 2016All architectures
Insufficient checks in IPv6 socket binding and UDP IPv6 option
processing allow a local user to send UDP packets with a source
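Review bot: The patch goes from 010 straight to 012, so the 011 heading is the only one in this range that does not get the "All architectures" label here. Unless 011 already carries an architecture label or is architecture-specific, add the same heading change for it.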
@@ -222,7 +220,7 @@
-013: SECURITY FIX: May 3, 2016
+013: SECURITY FIX: May 3, 2016All architectures
Fix issues in the libcrypto library.
Refer to the OpenSSL advisory.
@@ -239,7 +237,7 @@
-014: SECURITY FIX: May 17, 2016
+014: SECURITY FIX: May 17, 2016All architectures
Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel
memory contents to a local user.
@@ -249,7 +247,7 @@
-015: RELIABILITY FIX: May 29, 2016
+015: RELIABILITY FIX: May 29, 2016All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
@@ -258,7 +256,7 @@
-016: SECURITY FIX: June 2, 2016
+016: SECURITY FIX: June 2, 2016All architectures
Fix issues in the libexpat library to prevent multiple integer and buffer overflows.
@@ -267,7 +265,7 @@
-017: SECURITY FIX: June 6, 2016
+017: SECURITY FIX: June 6, 2016All architectures
Correct a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set.
@@ -277,7 +275,7 @@
-018: RELIABILITY FIX: July 14, 2016
+018: RELIABILITY FIX: July 14, 2016All architectures
Splicing sockets in a loop could cause a kernel spin.
@@ -286,7 +284,7 @@
-019: RELIABILITY FIX: July 14, 2016
+019: RELIABILITY FIX: July 14, 2016All architectures
ufs_readdir failed to limit size of memory allocation, leading to panics.
@@ -295,7 +293,7 @@
-020: SECURITY FIX: July 14, 2016
+020: SECURITY FIX: July 14, 2016All architectures
The mmap extension __MAP_NOFAULT could overcommit resources and crash
the system.
@@ -305,7 +303,7 @@
-021: RELIABILITY FIX: July 14, 2016
+021: RELIABILITY FIX: July 14, 2016All architectures
Tick counting overflows could cause a kernel crash.
@@ -314,7 +312,7 @@
-022: RELIABILITY FIX: July 14, 2016
+022: RELIABILITY FIX: July 14, 2016All architectures
Invalid file descriptor use with kevent(2) could lead to a kernel crash.
@@ -323,7 +321,7 @@
-023: RELIABILITY FIX: July 14, 2016
+023: RELIABILITY FIX: July 14, 2016All architectures
Unchecked parameters and integer overflows in the amap allocation routines
could cause malloc(9) to either not allocate enough memory, leading to memory
@@ -334,7 +332,7 @@
-024: RELIABILITY FIX: July 25, 2016
+024: RELIABILITY FIX: July 25, 2016All architectures
When signaling an error to an HTTP relay client, the connection can be
terminated prematurely, leading to a crash.
@@ -344,8 +342,7 @@
-
-025: RELIABILITY FIX: August 2, 2016
+025: RELIABILITY FIX: August 2, 2016All architectures
A missing NULL check in sysctl code results in a crash.
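Review bot: From 025 onward each hunk also deletes an empty line ahead of the heading (the bare "-" line), which the hunks for 001 to 024 do not. If this is a whitespace cleanup to make the last four entries match the rest, say so in the commit message; otherwise drop the blank-line removal so the change stays limited to the heading text.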
@@ -355,8 +352,7 @@
-
-026: RELIABILITY FIX: August 2, 2016
+026: RELIABILITY FIX: August 2, 2016All architectures
Missing overflow checks in uvm may result in panics.
@@ -366,8 +362,7 @@
-
-027: SECURITY FIX: August 6, 2016
+027: SECURITY FIX: August 6, 2016All architectures
Don't look in the current working directory for perl modules to load.
@@ -379,8 +374,7 @@
-
-028: RELIABILITY FIX: August 6, 2016
+028: RELIABILITY FIX: August 6, 2016All architectures
Improve relayd's parsing of the Host-header by following RFC 7230
@@ -393,6 +387,3 @@