#
279264 |
|
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so
|
#
273415 |
|
21-Oct-2014 |
delphij |
Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]
Fix routed(8) remote denial of service vulnerability. [SA-14:21]
Fix memory leak in sandboxed namei lookup. [SA-14:22]
Fix OpenSSL multiple vulnerabilities. [SA-14:23]
Approved by: so
|
#
260405 |
|
07-Jan-2014 |
delphij |
MFS r260404 (MFC r260403 (MFV r260399)):
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353). 3462896 For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. (CVE-2013-6450). ca98926 When deciding whether to use TLS 1.2 PRF and record hash algorithms use the version number in the corresponding SSL_METHOD structure instead of the SSL structure. The SSL structure version is sometimes inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. (CVE-2013-6449).
Security: CVE-2013-4353 Security: CVE-2013-6449 Security: CVE-2013-6450 Approved by: re (gjb)
|
#
279264 |
|
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so
|
#
273415 |
|
21-Oct-2014 |
delphij |
Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]
Fix routed(8) remote denial of service vulnerability. [SA-14:21]
Fix memory leak in sandboxed namei lookup. [SA-14:22]
Fix OpenSSL multiple vulnerabilities. [SA-14:23]
Approved by: so
|
#
260405 |
|
07-Jan-2014 |
delphij |
MFS r260404 (MFC r260403 (MFV r260399)):
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353). 3462896 For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. (CVE-2013-6450). ca98926 When deciding whether to use TLS 1.2 PRF and record hash algorithms use the version number in the corresponding SSL_METHOD structure instead of the SSL structure. The SSL structure version is sometimes inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. (CVE-2013-6449).
Security: CVE-2013-4353 Security: CVE-2013-6449 Security: CVE-2013-6450 Approved by: re (gjb)
|