aboutsummaryrefslogtreecommitdiff
path: root/sys
Commit message (Collapse)AuthorAgeFilesLines
* Fix multiple vulnerabilities of ntp.releng/9.3Xin LI2016-12-221-1/+1
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=310419
* Merge r309688: address regressions in SA-16:37.libc.Gleb Smirnoff2016-12-071-1/+1
| | | | | | | | | PR: 215105 Submitted by: <jtd2004a sbcglobal.net> Approved by: so Notes: svn path=/releng/9.3/; revision=309697
* Fix possible login(1) argument injection in telnetd(8). [SA-16:36]Gleb Smirnoff2016-12-061-1/+1
| | | | | | | | | | | | | | | Fix link_ntoa(3) buffer overflow in libc. [SA-16:37] Fix warnings about valid time zone abbreviations. [EN-16:19] Update timezone database information. [EN-16:20] Security: FreeBSD-SA-16:36.telnetd Security: FreeBSD-SA-16:37.libc Errata Notice: FreeBSD-EN-16:19.tzcode Errata Notice: FreeBSD-EN-16:20.tzdata Approved by: so Notes: svn path=/releng/9.3/; revision=309637
* Fix BIND remote Denial of Service vulnerability. [SA-16:34]Xin LI2016-11-021-1/+1
| | | | | | | | | | | Fix OpenSSL remote DoS vulnerability. [SA-16:35] Security: FreeBSD-SA-16:34.bind Security: FreeBSD-SA-16:35.openssl Approved by: so Notes: svn path=/releng/9.3/; revision=308205
* Revised SA-16:15. The initial patch didn't cover all possible overflowsGleb Smirnoff2016-10-252-2/+5
| | | | | | | | | | based on passing incorrect parameters to sysarch(2). Security: SA-16:15 Approved by: so Notes: svn path=/releng/9.3/; revision=307931
* Fix BIND remote Denial of Service vulnerability. [SA-16:28]Xin LI2016-10-101-1/+1
| | | | | | | | | | | Fix bspatch heap overflow vulnerability. [SA-16:29] Fix multiple portsnap vulnerabilities. [SA-16:30] Approved by: so Notes: svn path=/releng/9.3/; revision=306942
* Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:Xin LI2016-09-261-1/+1
| | | | | | | | | | | | | | | Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Approved by: so Notes: svn path=/releng/9.3/; revision=306336
* Fix multiple OpenSSL vulnerabilitites.Xin LI2016-09-231-1/+1
| | | | | | | | Approved by: so Security: FreeBSD-SA-16:26.openssl Notes: svn path=/releng/9.3/; revision=306230
* Fix bspatch heap overflow vulnerability. [SA-16:25]Xin LI2016-07-251-1/+1
| | | | | | | | | | Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09] Approved by: so Notes: svn path=/releng/9.3/; revision=303304
* Fix multiple ntp vulnerabilities.Xin LI2016-06-041-1/+1
| | | | | | | | Security: FreeBSD-SA-16:24.ntp Approved by: so Notes: svn path=/releng/9.3/; revision=301301
* Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20]Gleb Smirnoff2016-05-314-1/+5
| | | | | | | | | | | Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21] Security: SA-16:20 Security: SA-16:21 Approved by: so Notes: svn path=/releng/9.3/; revision=301049
* - Use unsigned version of min() when handling arguments of SETFKEY ioctl.Gleb Smirnoff2016-05-172-2/+2
| | | | | | | | | | | | | | | - Validate that user supplied control message length in sendmsg(2) is not negative. Security: SA-16:18 Security: CVE-2016-1886 Security: SA-16:19 Security: CVE-2016-1887 Submitted by: C Turt <cturt hardenedbsd.org> Approved by: so Notes: svn path=/releng/9.3/; revision=300088
* Fix multiple OpenSSL vulnerabilitites. [SA-16:17]Xin LI2016-05-042-1/+2
| | | | | | | | | Fix memory leak in ZFS. [EN-16:08] Approved by: so Notes: svn path=/releng/9.3/; revision=299068
* Fix ntp multiple vulnerabilities.Xin LI2016-04-291-1/+1
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=298770
* o Fix OpenSSH xauth(1) command injection. [SA-16:14]Gleb Smirnoff2016-03-162-3/+3
| | | | | | | | | | | o Fix incorrect argument validation in sysarch(2). [SA-16:15] Security: FreeBSD-SA-16:14.openssh-xauth, CVE-2016-3115 Security: FreeBSD-SA-16:15.sysarch, CVE-2016-1885 Approved by: so Notes: svn path=/releng/9.3/; revision=296953
* Fix multiple vulnerabilities of BIND. [SA-16:13]Xin LI2016-03-101-1/+1
| | | | | | | | | Fix a regression with OpenSSL patch. [SA-16:12] Approved by: so Notes: svn path=/releng/9.3/; revision=296611
* Fix multiple OpenSSL vulnerabilities.Xin LI2016-03-071-1/+1
| | | | | | | | Security: FreeBSD-SA-16:12.openssl Approved by: so Notes: svn path=/releng/9.3/; revision=296465
* Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability.Xin LI2016-01-301-1/+1
| | | | | | | | | Security: CVE-2015-3197 Security: FreeBSD-SA-16:11.openssl Approved by: so Notes: svn path=/releng/9.3/; revision=295061
* Fix BIND remote denial of service vulnerability. [SA-16:08]Xin LI2016-01-273-3/+7
| | | | | | | | | | | | | | | Fix multiple vulnerabilities of ntp. [SA-16:09] Fix Linux compatibility layer issetugid(2) system call vulnerability. [SA-16:10] Security: FreeBSD-SA-16:08.bind Security: FreeBSD-SA-16:09.ntp Security: FreeBSD-SA-16:10.linux Approved by: so Notes: svn path=/releng/9.3/; revision=294905
* Fix OpenSSH client information leak.Gleb Smirnoff2016-01-141-1/+1
| | | | | | | | | Security: SA-16:07.openssh Security: CVE-2016-0777 Approved by: so Notes: svn path=/releng/9.3/; revision=294054
* o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]Gleb Smirnoff2016-01-1417-66/+124
| | | | | | | | | | | | | | | | | | | | | | | o Fix YP/NIS client library critical bug. [EN-16:03.yplib] o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp] o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp] o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux] o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux] o Fix TCP MD5 signature denial of service. [SA-16:05.tcp] o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd] Errata: FreeBSD-EN-16:02.pf Errata: FreeBSD-EN-16:03.yplib Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879 Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300 Security: FreeBSD-SA-16:03.linux, CVE-2016-1880 Security: FreeBSD-SA-16:04.linux, CVE-2016-1881 Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882 Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677 Approved by: so Notes: svn path=/releng/9.3/; revision=293896
* Fix BIND remote denial of service vulnerability. [SA-15:27]Xin LI2015-12-161-1/+1
| | | | | | | | | Security: FreeBSD-SA-15:27.bind Security: CVE-2015-8000 Approved by: so Notes: svn path=/releng/9.3/; revision=292321
* Fix OpenSSL multiple vulnerabilities.Xin LI2015-12-051-1/+1
| | | | | | | | Security: FreeBSD-SA-15:26.openssl Approved by: so Notes: svn path=/releng/9.3/; revision=291854
* o Fix regressions related to SA-15:25 upgrade of NTP. [1]Gleb Smirnoff2015-11-043-13/+8
| | | | | | | | | | | | | | | o Fix kqueue write events never fired for files greater 2GB. [2] o Fix kpplications exiting due to segmentation violation on a correct memory address. [3] PR: 204046 [1] PR: 204203 [1] Errata Notice: FreeBSD-EN-15:19.kqueue [2] Errata Notice: FreeBSD-EN-15:20.vm [3] Approved by: so Notes: svn path=/releng/9.3/; revision=290363
* Upgrade NTP to 4.2.8p4.Gleb Smirnoff2015-10-261-1/+1
| | | | | | | | | | | | | | | | | | | | | Security: FreeBSD-SA-15:25.ntp Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Approved by: so Notes: svn path=/releng/9.3/; revision=290001
* Fix a regression with SA-15:24 patch that prevented NIS fromXin LI2015-10-021-1/+1
| | | | | | | | | working. Approved by: so Notes: svn path=/releng/9.3/; revision=288512
* The Sun RPC framework uses a netbuf structure to represent theXin LI2015-09-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | transport specific form of a universal transport address. The structure is expected to be opaque to consumers. In the current implementation, the structure contains a pointer to a buffer that holds the actual address. In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon. Fix this by making a copy of the buffer that is going to be freed instead of doing a shallow copy. Security: FreeBSD-SA-15:24.rpcbind Security: CVE-2015-7236 Approved by: so Notes: svn path=/releng/9.3/; revision=288385
* Implement pubkey support for pkg(7) bootstrap. [EN-15:18]Xin LI2015-09-161-1/+1
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=287873
* Fix remote denial of service vulnerability when parsing malformedXin LI2015-09-021-1/+1
| | | | | | | | | | | key. Security: CVE-2015-5722 Security: FreeBSD-SA-15:23.bind Approved by: so Notes: svn path=/releng/9.3/; revision=287410
* Fix local privilege escalation in IRET handler. [SA-15:21]Xin LI2015-08-254-5/+9
| | | | | | | | | | | | Fix OpenSSH multiple vulnerabilities. [SA-15:22] Fix insufficient check of unsupported pkg(7) signature methods. [EN-15:15] Approved by: so Notes: svn path=/releng/9.3/; revision=287147
* Fix multiple integer overflows in expat.Xin LI2015-08-181-1/+1
| | | | | | | | | Security: CVE-2015-1283 Security: FreeBSD-SA-15:20.expat Approved by: so Notes: svn path=/releng/9.3/; revision=286902
* Fix routed remote denial of service vulnerability. [SA-15:19]Xin LI2015-08-051-1/+1
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=286352
* Fix resource exhaustion in TCP reassembly. [SA-15:15]Xin LI2015-07-284-43/+28
| | | | | | | | | | | Fix OpenSSH multiple vulnerabilities. [SA-15:16] Fix BIND remote denial of service vulnerability. [SA-15:17] Approved by: so Notes: svn path=/releng/9.3/; revision=285980
* Fix resource exhaustion due to sessions stuck in LAST_ACK state.Xin LI2015-07-212-3/+10
| | | | | | | | | | Security: CVE-2015-5358 Security: SA-15:13.tcp Submitted by: Jonathan Looney (Juniper SIRT) Approved by: so Notes: svn path=/releng/9.3/; revision=285780
* Fix BIND resolver remote denial of service when validating.Xin LI2015-07-071-1/+1
| | | | | | | | | Security: CVE-2015-4620 Security: FreeBSD-SA-15:11.bind Approved by: so Notes: svn path=/releng/9.3/; revision=285258
* [EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.Xin LI2015-06-301-1/+1
| | | | | | | | | [EN-15:09] Fix inconsistency between locale and rune locale states. Approved by: so Notes: svn path=/releng/9.3/; revision=284986
* Raise the default for sendmail client connections to 1024-bit DHXin LI2015-06-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | parameters to imporve TLS/DH interoperability with newer SSL/TLS suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD- SA-15:10.openssl). This is MFC of r284436 (gshapiro), the original commit message was: === The import of openssl to address the FreeBSD-SA-15:10.openssl security advisory includes a change which rejects handshakes with DH parameters below 768 bits. sendmail releases prior to 8.15.2 (not yet released), defaulted to a 512 bit DH parameter setting for client connections. This commit chages that default to 1024 bits. sendmail 8.15.2, when released well use a default of 2048 bits. === Reported by: Frank Seltzer Errata Notice: FreeBSD-EN-15:08.sendmail Approved by: so Notes: svn path=/releng/9.3/; revision=284536
* Fix OpenSSL multiple vulnerabilities.Xin LI2015-06-121-1/+1
| | | | | | | | Security: FreeBSD-SA-15:10.openssl Approved by: so Notes: svn path=/releng/9.3/; revision=284295
* Update base system file(1) to 5.22 to address multiple denial ofXin LI2015-06-091-1/+1
| | | | | | | | | service issues. [EN-15:06] Approved by: so Notes: svn path=/releng/9.3/; revision=284194
* Fix bug with freebsd-update(8) that does not ensure the previousXin LI2015-05-131-1/+1
| | | | | | | | | upgrade was completed. [EN-15:04] Approved by: so Notes: svn path=/releng/9.3/; revision=282874
* Improve patch for SA-15:04.igmp to solve a potential buffer overflow.Xin LI2015-04-073-7/+14
| | | | | | | | | | | Fix multiple vulnerabilities of ntp. [SA-15:07] Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09] Approved by: so Notes: svn path=/releng/9.3/; revision=281233
* Fix issues with original SA-15:06.openssl commit:Xin LI2015-03-201-1/+1
| | | | | | | | | | | | - Revert a portion of ASN1 change per suggested by OpenBSD and OpenSSL developers. The change was removed from the formal OpenSSL release and does not solve security issue. - Properly fix CVE-2015-0209 and CVE-2015-0288. Approved by: so Notes: svn path=/releng/9.3/; revision=280275
* Fix multiple OpenSSL vulnerabilities.Xin LI2015-03-191-1/+1
| | | | | | | | | | | | | | Security: FreeBSD-SA-15:06.openssl Security: CVE-2015-0209 Security: CVE-2015-0286 Security: CVE-2015-0287 Security: CVE-2015-0288 Security: CVE-2015-0289 Security: CVE-2015-0293 Approved by: so Notes: svn path=/releng/9.3/; revision=280267
* Fix integer overflow in IGMP protocol. [SA-15:04]Xin LI2015-02-253-8/+11
| | | | | | | | | | | | | | | Fix BIND remote denial of service vulnerability. [SA-15:05] Fix vt(4) crash with improper ioctl parameters. [EN-15:01] Updated base system OpenSSL to 0.9.8zd. [EN-15:02] Fix freebsd-update libraries update ordering issue. [EN-15:03] Approved by: so Notes: svn path=/releng/9.3/; revision=279265
* Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerabilityXin LI2015-01-273-18/+48
| | | | | | | | | | | | | and SCTP stream reset vulnerability. Security: FreeBSD-SA-15:02.kmem Security: CVE-2014-8612 Security: FreeBSD-SA-15:03.sctp Security: CVE-2014-8613 Approved by: so Notes: svn path=/releng/9.3/; revision=277808
* Fix multiple vulnerabilities in OpenSSL. [SA-15:01]Xin LI2015-01-141-1/+1
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=277195
* [SA-14:31] Fix multiple vulnerabilities in NTP suite.Dag-Erling Smørgrav2014-12-231-1/+1
| | | | | | | | | [EN-14:13] Fix directory deletion issue in freebsd-update. Approved by: so Notes: svn path=/releng/9.3/; revision=276157
* Fix multiple vulnerabilities in file(1) and libmagic(3).Xin LI2014-12-101-1/+1
| | | | | | | | | | | | | | | Security: FreeBSD-SA-14:28.file Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117 Fix BIND remote denial of service vulnerability. Security: FreeBSD-SA-14:29.bind Security: CVE-2014-8500 Approved by: so Notes: svn path=/releng/9.3/; revision=275672
* [SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2).Dag-Erling Smørgrav2014-11-043-16/+18
| | | | | | | | | | [SA-14:26] Fix remote command execution in ftp(1). [EN-14:12] Fix NFSv4 and ZFS cache consistency issue. Approved by: so (des) Notes: svn path=/releng/9.3/; revision=274114
* Time zone data file update. [EN-14:10]Xin LI2014-10-211-1/+1
| | | | | | | | | Change crypt(3) default hashing algorithm back to DES. [EN-14:11] Approved by: so Notes: svn path=/releng/9.3/; revision=273438
generated by cgit v1.3 (git 2.53.0) at 2026-04-17 17:38:28 +0000