!
! 001: SECURITY FIX: April 14, 2018All architectures
Heap overflows exist in perl which can lead to segmentation faults,
--- 92,98 ----
! 001: SECURITY FIX: April 14, 2018All architectures
Heap overflows exist in perl which can lead to segmentation faults,
***************
*** 106,113 ****
!
! 002: RELIABILITY FIX: April 21, 2018All architectures
Additional data is inadvertently removed when private keys are cleared from
--- 103,109 ----
! 002: RELIABILITY FIX: April 21, 2018All architectures
Additional data is inadvertently removed when private keys are cleared from
***************
*** 118,125 ****
!
! 003: RELIABILITY FIX: April 21, 2018All architectures
ARP replies could be sent on the wrong member of a bridge(4) interface.
--- 114,120 ----
! 003: RELIABILITY FIX: April 21, 2018All architectures
ARP replies could be sent on the wrong member of a bridge(4) interface.
***************
*** 129,136 ****
!
! 004: SECURITY FIX: April 21, 2018All architectures
In the gif(4) interface, use the specified protocol for IPv6, plug
--- 124,130 ----
! 004: SECURITY FIX: April 21, 2018All architectures
In the gif(4) interface, use the specified protocol for IPv6, plug
***************
*** 141,148 ****
!
! 005: RELIABILITY FIX: April 21, 2018All architectures
httpd can leak file descriptors when servicing range requests.
--- 135,141 ----
! 005: RELIABILITY FIX: April 21, 2018All architectures
httpd can leak file descriptors when servicing range requests.
***************
*** 152,159 ****
!
! 006: RELIABILITY FIX: May 8, 2018All architectures
Incorrect handling of fragmented IPsec packets could result in a system crash.
--- 145,151 ----
! 006: RELIABILITY FIX: May 8, 2018All architectures
Incorrect handling of fragmented IPsec packets could result in a system crash.
***************
*** 163,170 ****
!
! 007: RELIABILITY FIX: May 8, 2018All architectures
Incorrect checks in libcrypto can prevent Diffie-Hellman Exchange operations
--- 155,161 ----
! 007: RELIABILITY FIX: May 8, 2018All architectures
Incorrect checks in libcrypto can prevent Diffie-Hellman Exchange operations
***************
*** 175,182 ****
!
! 008: RELIABILITY FIX: May 17, 2018All architectures
A malicious packet can cause a kernel crash when using IPsec over IPv6.
--- 166,172 ----
! 008: RELIABILITY FIX: May 17, 2018All architectures
A malicious packet can cause a kernel crash when using IPsec over IPv6.
***************
*** 186,193 ****
!
! 009: SECURITY FIX: June 14, 2018All architectures
DSA and ECDSA signature generation can potentially leak secret information
--- 176,182 ----
! 009: SECURITY FIX: June 14, 2018All architectures
DSA and ECDSA signature generation can potentially leak secret information
***************
*** 198,205 ****
!
! 010: SECURITY FIX: June 17, 2018amd64
Intel CPUs speculatively access FPU registers even when the FPU is disabled,
--- 187,193 ----
! 010: SECURITY FIX: June 17, 2018amd64
Intel CPUs speculatively access FPU registers even when the FPU is disabled,
***************
*** 211,218 ****
!
! 011: SECURITY FIX: June 21, 2018All architectures
Perl's Archive::Tar module could be made to write files outside of
--- 199,205 ----
! 011: SECURITY FIX: June 21, 2018All architectures
Perl's Archive::Tar module could be made to write files outside of
***************
*** 223,230 ****
!
! 012: RELIABILITY FIX: July 25, 2018All architectures
A regular user could trigger a kernel panic by executing an invalid
--- 210,216 ----
! 012: RELIABILITY FIX: July 25, 2018All architectures
A regular user could trigger a kernel panic by executing an invalid
***************
*** 235,242 ****
!
! 013: RELIABILITY FIX: July 25, 2018All architectures
When an IPsec key expired, the kernel could panic due to unfinished
--- 221,227 ----
! 013: RELIABILITY FIX: July 25, 2018All architectures
When an IPsec key expired, the kernel could panic due to unfinished
***************
*** 247,254 ****
!
! 014: SECURITY FIX: July 31, 2018amd64 and i386
On AMD CPUs, set a chicken bit which turns LFENCE into a serialization
--- 232,238 ----
! 014: SECURITY FIX: July 31, 2018amd64 and i386
On AMD CPUs, set a chicken bit which turns LFENCE into a serialization
***************
*** 259,266 ****
!
! 015: SECURITY FIX: July 31, 2018i386
IO port permissions were incorrectly restricted.
--- 243,249 ----
! 015: SECURITY FIX: July 31, 2018i386
IO port permissions were incorrectly restricted.
***************
*** 270,277 ****
!
! 016: RELIABILITY FIX: August 4, 2018amd64
Incorrect initialization of the FPU caused floating point exceptions
--- 253,259 ----
! 016: RELIABILITY FIX: August 4, 2018amd64
Incorrect initialization of the FPU caused floating point exceptions
***************
*** 282,289 ****
!
! 017: SECURITY FIX: August 24, 2018amd64
State from the FPU of one userland process could be exposed to other processes.
--- 264,270 ----
! 017: SECURITY FIX: August 24, 2018amd64
State from the FPU of one userland process could be exposed to other processes.
***************
*** 293,300 ****
!
! 018: SECURITY FIX: August 24, 2018amd64
The Intel L1TF bug allows a vmm guest to read host memory.
--- 274,280 ----
! 018: SECURITY FIX: August 24, 2018amd64
The Intel L1TF bug allows a vmm guest to read host memory.
***************
*** 305,312 ****
!
! 019: SECURITY FIX: September 21, 2018amd64
On AMD CPUs, LDTR must be managed crossing between VMs.
--- 285,291 ----
! 019: SECURITY FIX: September 21, 2018amd64
On AMD CPUs, LDTR must be managed crossing between VMs.
***************
*** 316,323 ****
!
! 020: SECURITY FIX: October 25, 2018All architectures
The Xorg X server incorrectly validates certain options, allowing arbitrary
--- 295,301 ----
! 020: SECURITY FIX: October 25, 2018All architectures
The Xorg X server incorrectly validates certain options, allowing arbitrary
***************
*** 330,337 ****
!
! 021: RELIABILITY FIX: November 2, 2018i386, amd64, arm64
The syspatch utility incorrectly handles symbolic links.
--- 308,314 ----
! 021: RELIABILITY FIX: November 2, 2018i386, amd64, arm64
The syspatch utility incorrectly handles symbolic links.
***************
*** 341,348 ****
!
! 022: SECURITY FIX: November 17, 2018All architectures
Timing side channels may leak information about DSA and ECDSA private keys.
--- 318,324 ----
! 022: SECURITY FIX: November 17, 2018All architectures
Timing side channels may leak information about DSA and ECDSA private keys.
***************
*** 352,359 ****
!
! 023: RELIABILITY FIX: November 17, 2018All architectures
A recent change to POSIX file locks could cause incorrect results
--- 328,334 ----
! 023: RELIABILITY FIX: November 17, 2018All architectures
A recent change to POSIX file locks could cause incorrect results
***************
*** 364,371 ****
!
! 024: SECURITY FIX: November 29, 2018All architectures
Various overflows exist in perl.
--- 339,345 ----
! 024: SECURITY FIX: November 29, 2018All architectures
Various overflows exist in perl.
***************
*** 375,382 ****
!
! 025: RELIABILITY FIX: November 29, 2018All architectures
UNIX domain sockets leak kernel memory with MSG_PEEK on SCM_RIGHTS, or can
--- 349,355 ----
! 025: RELIABILITY FIX: November 29, 2018All architectures
UNIX domain sockets leak kernel memory with MSG_PEEK on SCM_RIGHTS, or can
***************
*** 387,394 ****
!
! 026: RELIABILITY FIX: December 20, 2018All architectures
While recv(2) with the MSG_WAITALL flag was receiving control
--- 360,366 ----
! 026: RELIABILITY FIX: December 20, 2018All architectures
While recv(2) with the MSG_WAITALL flag was receiving control
***************
*** 399,406 ****
!
! 027: SECURITY FIX: December 22, 2018All architectures
The setsockopt(2) system call could overflow mbuf cluster kernel
--- 371,377 ----
! 027: SECURITY FIX: December 22, 2018All architectures
The setsockopt(2) system call could overflow mbuf cluster kernel
***************
*** 411,418 ****
!
! 028: SECURITY FIX: February 5, 2019All architectures
The mincore() system call can be used to observe memory access patterns
--- 382,388 ----
! 028: SECURITY FIX: February 5, 2019All architectures
The mincore() system call can be used to observe memory access patterns
***************
*** 423,430 ****
!
! 029: RELIABILITY FIX: February 5, 2019All architectures
Missing length checks in the NFS server and client can lead to crashes
--- 393,399 ----
! 029: RELIABILITY FIX: February 5, 2019All architectures
Missing length checks in the NFS server and client can lead to crashes
***************
*** 435,442 ****
!
! 030: SECURITY FIX: March 1, 2019All architectures
Fragmented IPv6 packets may be erroneously passed by pf or lead to a crash.
--- 404,410 ----
! 030: SECURITY FIX: March 1, 2019All architectures
Fragmented IPv6 packets may be erroneously passed by pf or lead to a crash.
***************
*** 446,453 ****
!
! 031: SECURITY FIX: March 22, 2019All architectures
A state in pf could pass ICMP packets to a destination IP address
--- 414,420 ----
! 031: SECURITY FIX: March 22, 2019All architectures
A state in pf could pass ICMP packets to a destination IP address
***************
*** 458,465 ****
!
! 032: SECURITY FIX: March 27, 2019amd64 and i386
GDT and IDT limits were improperly restored during VMM context switches.
--- 425,431 ----
! 032: SECURITY FIX: March 27, 2019amd64 and i386
GDT and IDT limits were improperly restored during VMM context switches.
***************
*** 469,476 ****
!
! 033: RELIABILITY FIX: May 3, 2019All architectures
If a userland program sets the IPv6 checksum offset on a raw socket,
--- 435,441 ----
! 033: RELIABILITY FIX: May 3, 2019All architectures
If a userland program sets the IPv6 checksum offset on a raw socket,
***************
*** 483,488 ****