src/sys, branch releng/8.1 FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F8.1 2012-08-06T21:33:11Z Fix named(8) DNSSEC validation Denial of Service. 2012-08-06T21:33:11Z Simon L. B. Nielsen simon@FreeBSD.org 2012-08-06T21:33:11Z urn:sha1:e39869bfb92f16f23b6f271a0ba8a46a23020518 Security: FreeBSD-SA-12:05.bind Security: CVE-2012-3817 Obtained from: ISC Approved by: so (simon) Add UPDATING and newvers.sh information for the FreeBSD-SA-12:04.sysret 2012-06-18T21:00:54Z Simon L. B. Nielsen simon@FreeBSD.org 2012-06-18T21:00:54Z urn:sha1:5c8a7533b1866d2a801a68a1b622008614dc3544 correction. Approved by: so (simon) Correct the patch for FreeBSD-SA-12:04.sysret for releng/8.1 where it 2012-06-18T20:48:21Z Simon L. B. Nielsen simon@FreeBSD.org 2012-06-18T20:48:21Z urn:sha1:7a395ce1678e7d16ed5027e23d660cbdde83e505 was accidently applied to the wrong location. Reported by: Steven Chamberlain <steven@pyro.eu.org> Reviewed by: jhb, kib Security: FreeBSD-SA-12:04.sysret Approved by: so (simon) Fix a problem where zero-length RDATA fields can cause named(8) to crash. 2012-06-12T12:10:10Z Bjoern A. Zeeb bz@FreeBSD.org 2012-06-12T12:10:10Z urn:sha1:5c96f75b591dd1e67de381c69a98fc2bb5ceb89e [12:03] Correct a privilege escalation when returning from kernel if running FreeBSD/amd64 on non-AMD processors. [12:04] Fix reference count errors in IPv6 code. [EN-12:02] Security: CVE-2012-1667 Security: FreeBSD-SA-12:03.bind Security: CVE-2012-0217 Security: FreeBSD-SA-12:04.sysret Security: FreeBSD-EN-12:02.ipv6refcount Approved by: so (simon, bz) Update the previous openssl fix. [12:01] 2012-05-30T12:01:28Z Bjoern A. Zeeb bz@FreeBSD.org 2012-05-30T12:01:28Z urn:sha1:2e67fa5ec8b34744d209a7ede5dda7edef14a00e Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon) Fix multiple OpenSSL vulnerabilities. 2012-05-03T15:25:11Z Bjoern A. Zeeb bz@FreeBSD.org 2012-05-03T15:25:11Z urn:sha1:51b069ec20bf584b4092133eb85912316b328ab0 Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon) Extend the character set accepted by freebsd-update(8) in file 2012-01-04T23:47:20Z Colin Percival cperciva@FreeBSD.org 2012-01-04T23:47:20Z urn:sha1:b12d946ac4405292a5881cfa55f4251f734635f5 names in order to allow upgrades to FreeBSD 9.0-RELEASE. Approved by: so (cperciva) Errata Notice: FreeBSD-EN-12:01.freebsd-update Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06] 2011-12-23T15:00:37Z Colin Percival cperciva@FreeBSD.org 2011-12-23T15:00:37Z urn:sha1:795d49c5e0f91633fcd118c32d4adff995fdbd00 Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07] Fix a buffer overflow in telnetd. [11:08] Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09] Add sanity checking of service names in pam_start. [11:10] Approved by: so (cperciva) Approved by: re (bz) Security: FreeBSD-SA-11:06.bind Security: FreeBSD-SA-11:07.chroot Security: FreeBSD-SA-11:08.telnetd Security: FreeBSD-SA-11:09.pam_ssh Security: FreeBSD-SA-11:10.pam Fix a bug in UNIX socket handling in the linux emulator which was 2011-10-04T19:07:38Z Colin Percival cperciva@FreeBSD.org 2011-10-04T19:07:38Z urn:sha1:7f3836953fe55f9a187459618933cb8ee0defe9e exposed by the security fix in FreeBSD-SA-11:05.unix. Approved by: so (cperciva) Approved by: re (kib) Security: Related to FreeBSD-SA-11:05.unix, but not actually a security fix. Fix handling of corrupt compress(1)ed data. [11:04] 2011-09-28T08:47:17Z Bjoern A. Zeeb bz@FreeBSD.org 2011-09-28T08:47:17Z urn:sha1:06b13deee0aa97e88116949eff30f8e62125dc17 Add missing length checks on unix socket addresses. [11:05] Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-11:04.compress Security: CVE-2011-2895 [11:04] Security: FreeBSD-SA-11:05.unix