!
! 001: RELIABILITY FIX: October 13, 2017amd64
A local user could trigger a kernel panic by using an invalid TCB value.
--- 92,98 ----
! 001: RELIABILITY FIX: October 13, 2017amd64
A local user could trigger a kernel panic by using an invalid TCB value.
***************
*** 105,112 ****
!
! 002: SECURITY FIX: December 1, 2017All architectures
The fktrace(2) system call had insufficient security checks.
--- 102,108 ----
! 002: SECURITY FIX: December 1, 2017All architectures
The fktrace(2) system call had insufficient security checks.
***************
*** 116,123 ****
!
! 003: RELIABILITY FIX: December 10, 2017All architectures
A number of bugs were discovered in the MPLS stack that can be used to
--- 112,118 ----
! 003: RELIABILITY FIX: December 10, 2017All architectures
A number of bugs were discovered in the MPLS stack that can be used to
***************
*** 128,135 ****
!
! 004: RELIABILITY FIX: January 14, 2018All architectures
An incorrect TLS extensions block is generated when no extensions are present,
--- 123,129 ----
! 004: RELIABILITY FIX: January 14, 2018All architectures
An incorrect TLS extensions block is generated when no extensions are present,
***************
*** 140,147 ****
!
! 005: RELIABILITY FIX: February 2, 2018All architectures
Specially crafted IPsec AH packets with IP options or IPv6 extension
--- 134,140 ----
! 005: RELIABILITY FIX: February 2, 2018All architectures
Specially crafted IPsec AH packets with IP options or IPv6 extension
***************
*** 152,159 ****
!
! 006: RELIABILITY FIX: February 2, 2018All architectures
Processing IPv6 fragments could incorrectly access memory of an mbuf
--- 145,151 ----
! 006: RELIABILITY FIX: February 2, 2018All architectures
Processing IPv6 fragments could incorrectly access memory of an mbuf
***************
*** 164,171 ****
!
! 007: SECURITY FIX: February 2, 2018All architectures
If the EtherIP tunnel protocol was disabled, IPv6 packets were not
--- 156,162 ----
! 007: SECURITY FIX: February 2, 2018All architectures
If the EtherIP tunnel protocol was disabled, IPv6 packets were not
***************
*** 176,183 ****
!
! 008: SECURITY FIX: February 8, 2018All architectures
A flaw was found in the way unbound validated wildcard-synthesized
--- 167,173 ----
! 008: SECURITY FIX: February 8, 2018All architectures
A flaw was found in the way unbound validated wildcard-synthesized
***************
*** 190,197 ****
!
! 009: SECURITY FIX: March 1, 2018amd64
Intel CPUs contain a speculative execution flaw called Meltdown which
--- 180,186 ----
! 009: SECURITY FIX: March 1, 2018amd64
Intel CPUs contain a speculative execution flaw called Meltdown which
***************
*** 202,209 ****
!
! 010: RELIABILITY FIX: March 20, 2018All architectures
The IPsec AH header could be longer than the network packet, resulting in
--- 191,197 ----
! 010: RELIABILITY FIX: March 20, 2018All architectures
The IPsec AH header could be longer than the network packet, resulting in
***************
*** 214,221 ****
!
! 011: SECURITY FIX: April 14, 2018All architectures
Heap overflows exist in perl which can lead to segmentation faults,
--- 202,208 ----
! 011: SECURITY FIX: April 14, 2018All architectures
Heap overflows exist in perl which can lead to segmentation faults,
***************
*** 226,233 ****
!
! 012: RELIABILITY FIX: April 21, 2018All architectures
httpd can leak file descriptors when servicing range requests.
--- 213,219 ----
! 012: RELIABILITY FIX: April 21, 2018All architectures
httpd can leak file descriptors when servicing range requests.
***************
*** 237,244 ****
!
! 013: RELIABILITY FIX: May 8, 2018All architectures
Incorrect handling of fragmented IPsec packets could result in a system crash.
--- 223,229 ----
! 013: RELIABILITY FIX: May 8, 2018All architectures
Incorrect handling of fragmented IPsec packets could result in a system crash.
***************
*** 248,255 ****
!
! 014: RELIABILITY FIX: May 17, 2018All architectures
A malicious packet can cause a kernel crash when using IPsec over IPv6.
--- 233,239 ----
! 014: RELIABILITY FIX: May 17, 2018All architectures
A malicious packet can cause a kernel crash when using IPsec over IPv6.
***************
*** 259,266 ****
!
! 015: SECURITY FIX: June 14, 2018All architectures
DSA and ECDSA signature generation can potentially leak secret information
--- 243,249 ----
! 015: SECURITY FIX: June 14, 2018All architectures
DSA and ECDSA signature generation can potentially leak secret information
***************
*** 271,278 ****
!
! 016: SECURITY FIX: June 21, 2018All architectures
Perl's Archive::Tar module could be made to write files outside of
--- 254,260 ----
! 016: SECURITY FIX: June 21, 2018All architectures
Perl's Archive::Tar module could be made to write files outside of
***************
*** 283,290 ****
!
! 017: SECURITY FIX: June 21, 2018amd64
Intel CPUs speculatively access FPU registers even when the FPU is disabled,
--- 265,271 ----
! 017: SECURITY FIX: June 21, 2018amd64
Intel CPUs speculatively access FPU registers even when the FPU is disabled,
***************
*** 296,303 ****
!
! 018: RELIABILITY FIX: July 25, 2018All architectures
A regular user could trigger a kernel panic by executing an invalid
--- 277,283 ----
! 018: RELIABILITY FIX: July 25, 2018All architectures
A regular user could trigger a kernel panic by executing an invalid
***************
*** 308,315 ****
!
! 019: SECURITY FIX: July 31, 2018amd64 and i386
On AMD CPUs, set a chicken bit which turns LFENCE into a serialization
--- 288,294 ----
! 019: SECURITY FIX: July 31, 2018amd64 and i386
On AMD CPUs, set a chicken bit which turns LFENCE into a serialization
***************
*** 320,327 ****
!
! 020: SECURITY FIX: July 31, 2018i386
IO port permissions were incorrectly restricted.
--- 299,305 ----
! 020: SECURITY FIX: July 31, 2018i386
IO port permissions were incorrectly restricted.
***************
*** 331,338 ****
!
! 021: RELIABILITY FIX: August 4, 2018amd64
Incorrect initialization of the FPU caused floating point exceptions
--- 309,315 ----
! 021: RELIABILITY FIX: August 4, 2018amd64
Incorrect initialization of the FPU caused floating point exceptions
***************
*** 343,350 ****
!
! 022: SECURITY FIX: August 24, 2018amd64
State from the FPU of one userland process could be exposed to other processes.
--- 320,326 ----
! 022: SECURITY FIX: August 24, 2018amd64
State from the FPU of one userland process could be exposed to other processes.
***************
*** 354,361 ****
!
! 023: SECURITY FIX: August 24, 2018amd64
The Intel L1TF bug allows a vmm guest to read host memory.
--- 330,336 ----
! 023: SECURITY FIX: August 24, 2018amd64
The Intel L1TF bug allows a vmm guest to read host memory.
***************
*** 366,373 ****
!
! 024: SECURITY FIX: September 21, 2018amd64
On AMD CPUs, LDTR must be managed crossing between VMs.
--- 341,347 ----
! 024: SECURITY FIX: September 21, 2018amd64
On AMD CPUs, LDTR must be managed crossing between VMs.
***************
*** 379,384 ****