Branch: releng/5.3
Commits on Sep 30, 2006
  1. @simonlbn

    Correct multiple vulnerabilities in OpenSSH.

    simonlbn authored
    Security:	FreeBSD-SA-06:22.openssh
    Approved by:	so (simon)
Commits on Sep 29, 2006
  1. @cperciva

    Correct problem in the 2006-09-28 patch concerning the handling of

    cperciva authored
    excessively large DH moduli.
    
    Reported by:	Steve Kiernan (Juniper SIRT)
    Security:	FreeBSD-SA-06:23.openssl
    Approved by:	so (cperciva)
Commits on Sep 28, 2006
  1. @cperciva

    Correct multiple vulnerabilities in crypto(3).

    cperciva authored
    Limit the size of public keys used in order to protect applications
    from a denial of service via insane key sizes.
    
    Security:	FreeBSD-SA-06:23.openssl
    Approved by:	so (cperciva)
Commits on Sep 19, 2006
  1. @simonlbn

    Correct multiple vulnerabilities in gzip(1).

    simonlbn authored
    Security:	FreeBSD-SA-06:21.gzip
    Approved by:	so (simon)
Commits on Sep 6, 2006
  1. @simonlbn

    Correct incorrect PKCS#1 v1.5 padding validation in crypto(3). [1]

    simonlbn authored
    Correct multiple denial-of-service vulnerabilities in BIND related to
    SIG Query Processing and Excessive Recursive Queries. [2]
    
    Security:	FreeBSD-SA-06:19.openssl [1]
    Security:	FreeBSD-SA-06:20.bind [2]
    Approved by:	so (simon)
Commits on Aug 23, 2006
  1. @cperciva

    Correct buffer overflow in the handling of LCP options in ppp(4)

    cperciva authored
    Security:	FreeBSD-SA-06:18.ppp
    Approved by:	so (cperciva)
Commits on Jun 14, 2006
  1. @cperciva

    Correct a bug in the handling of multipart messages by sendmail(8)

    cperciva authored
    which can allow a malformed message to crash a sendmail queue
    processing process.
    
    Security:	FreeBSD-SA-06:17.sendmail
    Approved by:	so (cperciva)
Commits on May 31, 2006
  1. @cperciva

    Enable inadvertently disabled "securenet" access controls in ypserv. [1]

    cperciva authored
    Correct a bug in the handling of backslash characters in smbfs which can
    allow an attacker to escape from a chroot(2). [2]
    
    Approved by:	so (cperciva)
    Security:	FreeBSD-SA-06:15.ypserv [1]
    Security:	FreeBSD-SA-06:16.smbfs [2]
Commits on Apr 19, 2006
  1. @cperciva

    MFC: Correct a local information leakage bug affecting AMD FPUs.

    cperciva authored
    Security:	FreeBSD-SA-06:14.fpu
    Approved by:	so (cperciva)
Commits on Mar 22, 2006
  1. @cperciva

    Add missing code needed for the detection of IPSec packet replays. [1]

    cperciva authored
    Correctly identify the user running opiepasswd(1) when the login name
    differs from the account name. [2]
    
    Modify timeout handling logic in sendmail(8) to correct a reported
    signal handling race condition. [3]
    
    Approved by:	so (cperciva)
    Security:	FreeBSD-SA-06:11.ipsec [1]
    Security:	FreeBSD-SA-06:12.opie [2]
    Security:	FreeBSD-SA-06:13.sendmail [3]
Commits on Mar 1, 2006
  1. @simonlbn

    Correct a remote DoS in OpenSSH when using PAM and privilege

    simonlbn authored
    separation. [06:09]
    
    Submitted by:	des
    
    Correct a remote kernel panic when processing zero-length RPC records
    via TCP. [06:10]
    
    Security:	FreeBSD-SA-06:09.openssh
    Security:	FreeBSD-SA-06:10.nfs
    Approved by:	so (cperciva)
Commits on Feb 1, 2006
  1. @cperciva

    MFRELENG_5 sys/netinet/tcp_sack.c rev. 1.3.2.10:

    cperciva authored
      Avoid an infinite loop in sack scoreboard processing when the per-hole
      limits or global scoreboard limits are reached, or when memory
      exhaustion occurs. This can occur when an existing hole fails to be
      split due to limits or memory exhaustion.
    
    Security:	FreeBSD-SA-06:08.sack
    Approved by:	so (cperciva)
Commits on Jan 25, 2006
  1. @cperciva

    MFC rev. 1.16 of sys/contrib/pf/net/pf_norm.c: Correct an error in pf

    cperciva authored
    handling of IP packet fragments which could result in a kernel panic.
    
    Security:	FreeBSD-SA-06:07.pf
    Approved by:	so (cperciva)
Commits on Jan 11, 2006
  1. @cperciva

    Correct insecure temporary file usage in texindex. [06:01]

    cperciva authored
    Correct insecure temporary file usage in ee. [06:02]
    Correct a race condition when setting file permissions, sanitize file
    names by default, and fix a buffer overflow when handling files
    larger than 4GB in cpio. [06:03]
    
    Security:	FreeBSD-SA-06:01.texindex
    Security:	FreeBSD-SA-06:02.ee
    Security:	FreeBSD-SA-06:03.cpio
    Approved by:	so (cperciva)
Commits on Oct 11, 2005
  1. @cperciva

    Correct a man-in-the-middle SSL version rollback vulnerability.

    cperciva authored
    Security:       FreeBSD-SA-05:21.openssl
    Approved by:    so@ (cperciva)
Commits on Sep 9, 2005
  1. @cperciva

    Fix an additional temporary file usage bogon which was apparently fixed

    cperciva authored
    but not MFCed to RELENG_5_3 earlier.
    
    Approved by:	so (cperciva)
    Security:	FreeBSD-SA-05:20.cvsbug
Commits on Sep 7, 2005
  1. @cperciva

    MFC: Correct insecure temporary file usage.

    cperciva authored
    Security:	FreeBSD-SA-05:20.cvsbug
    Approved by:	so (cperciva)
Commits on Jul 27, 2005
  1. @cperciva

    Correct a buffer overflow which can occur when decompressing a

    cperciva authored
    carefully crafted deflated data stream. [1]
    
    Correct problems in the AES-XCBC-MAC IPsec authentication algorithm. [2]
    
    Submitted by:   suz [2]
    Security:       FreeBSD-SA-05:18.zlib [1], FreeBSD-SA-05:19.ipsec [2]
    Approved by:	so (cperciva)
Commits on Jul 20, 2005
  1. @simonlbn

    MFC rev 1.116 of src/sys/fs/devfs/devfs_vnops.c:

    simonlbn authored
      Correct devfs ruleset bypass.
    
    Correct typo in p18 entry, zlib advisory was FreeBSD-SA-05:16.zlib.
    
    Submitted by:	csjp
    Reviewed by:	phk
    Security:	FreeBSD-SA-05:17.devfs
    Approved by:	so (cperciva)
Commits on Jul 6, 2005
  1. @cperciva

    MFC rev. 1.6 of src/lib/libz/inftrees.c:

    cperciva authored
      Correct a buffer overflow which occurred in the handling of some
      particularly corrupt deflated data streams.
    
    Security:	FreeBSD-SA-05:16.zlib
    Approved by:	so (cperciva)
Commits on Jun 29, 2005
  1. @simonlbn

    Correct bzip2 denial of service and permission race vulnerabilities.

    simonlbn authored
    Obtained from:	Redhat, Steve Grubb via RedHat
    Security:	CAN-2005-0953, CAN-2005-1260
    Security:	FreeBSD-SA-05:14.bzip2
    Approved by:	obrien
    
    Correct TCP connection stall denial-of-service vulnerabilities.
    
    MFC: rev 1.270 of tcp_input.c, rev 1.25 of tcp_seq.h by ps: When a TCP
    packet containing a timestamp is received, inadequate checking of
    sequence numbers is performed, allowing an attacker to artificially
    increase the internal "recent" timestamp for a connection.
    
    A TCP packet with the SYN flag set is accepted for established
    connections, allowing an attacker to overwrite certain TCP options.
    
    Security:	CAN-2005-0356, CAN-2005-2068
    Security:	FreeBSD-SA-05:15.tcp
    
    Approved by:	so (cperciva)
Commits on Jun 8, 2005
  1. @simonlbn

    Correct several denial-of-service vulnerabilities in tcpdump.

    simonlbn authored
    Security:	FreeBSD-SA-05:10.tcpdump
    Security:	CAN-2005-1267, CAN-2005-1278, CAN-2005-1279, CAN-2005-1280
    Obtained from:	tcpdump.org
    
    Correct directory traversal and race condition vulnerabilities in gzip.
    
    Security:	FreeBSD-SA-05:11.gzip
    Security:	CAN-2005-0988, CAN-2005-1228
    Obtained from:	Steve Grubb via RedHat, Debian
    
    Correct BIND 9 DNSSEC remote denial of service vulnerability.
    
    Security:	FreeBSD-SA-05:12.bind9
    Security:	CAN-2005-0034
    Obtained from:	ISC
    Submitted by:	trhodes
    
    Approved by:	so (nectar, cperciva)
Commits on May 13, 2005
  1. Add a knob for disabling/enabling HTT, "machdep.hyperthreading_allowed".

    nectar authored
    Default off due to information disclosure on multi-user systems.
    
    Submitted by:	cperciva
    Reviewed by:	jhb
    Approved by:	security-officer
Commits on May 8, 2005
  1. @cperciva

    MFC: Fix two issues which were missed in FreeBSD-SA-05:08.kmem.

    cperciva authored
    Reported by:	Uwe Doering
    Approved by:	so (cperciva)
Commits on May 6, 2005
  1. @cperciva

    If we are going to

    cperciva authored
    1. Copy a NULL-terminated string into a fixed-length buffer, and
    2. copyout that buffer to userland,
    we really ought to
    0. Zero the entire buffer
    first.
    
    Security: FreeBSD-SA-05:08.kmem
    Approved by: so (cperciva)
  2. @cperciva

    Correctly validate inputs to the i386_get_ldt syscall.

    cperciva authored
    Security: FreeBSD-SA-05:07.ldt
    Approved by: so (cperciva)
  3. @cperciva

    Correct improper permissions on /dev/iir. The earlier permissions

    cperciva authored
    of 0644 allowed for people to do Evil Things via ioctl(2).
    
    Security: FreeBSD-SA-05:06.iir
    Approved by: so (cperciva)
Commits on Apr 22, 2005
  1. @simonlbn

    MFC:

    simonlbn authored
    Correct multiple security related errors: a buffer overflow, NULL
    pointer dereferences, possible use of uninitialized variables, and
    memory leaks.
    
    Security:	CAN-2005-0753
    Security:	FreeBSD-SA-05:05.cvs
    Approved by:	so (cperciva)
Commits on Apr 15, 2005
  1. @cperciva

    Zero the ifr.ifr_name buffer in ifconf() in order to avoid

    cperciva authored
    accidental disclosure of kernel memory to userland.
    
    Security:	FreeBSD-SA-05:04.ifconf
    Approved by:	so (cperciva)
Commits on Apr 6, 2005
  1. @cperciva

    Fully initialize the required TSS fields so that the io permission

    cperciva authored
    bitmap is set correctly.
    
    Patch from:	peter
    Security:	FreeBSD-SA-05:03.amd64
    Approved by:	so (cperciva)
Commits on Apr 4, 2005
  1. @cperciva

    MFC revision 1.103.

    cperciva authored
    Security:	FreeBSD-SA-05:02.sendfile
    Approved by:	so (nectar)
Commits on Mar 28, 2005
  1. MFC src/contrib/telnet/telnet.c 1.16: Correct buffer overflows in

    nectar authored
    telnet(1).
    Security: CAN-2005-0468, CAN-2005-0469
    Approved by:	security-officer
Commits on Jan 16, 2005
  1. MFR5 for FreeBSD-EN-05:03.ipi

    kensmith authored
    From commit to RELENG_5:
      MFC IPI panic fix done by Stephan Uphoff:
              sys/i386/i386/apic_vector.s     1.101 -> 1.102
              sys/i386/i386/mp_machdep.c      1.241 -> 1.243
              sys/i386/include/apicvar.h      1.8 -> 1.9
              sys/i386/include/smp.h          1.78 -> 1.79
    
      To quote the original commit message:
              Avoid more than two pending IPI interrupt vectors per local APIC
              as this may cause deadlocks.
    
              This should fix kern/72123.
    
              Discussed with: jhb
              Tested by: Nik Azim Azam, Andy Farkas, Flack Man, Aykut KARA
                         Izzet BESKARDES, Jens Binnewies, Karl Keusgen
    
      Discussed with: ups
      Reviewed by:    jhb
    
    Versions being merged from RELENG_5:
    
      src/sys/i386/i386/apic_vector.s	1.101.2.1
      src/sys/i386/i386/mp_machdep.c	1.235.2.4
      src/sys/i386/include/apicvar.h	1.8.2.1
      src/sys/i386/include/smp.h		1.78.2.1
    
    Approved by:	so (nectar)
Commits on Jan 6, 2005
  1. Merge from RELENG_5 if_sk.c 1.83.2.3 1.83.2.4, if_skreg.h 1.20.2.3:

    nectar authored
    Correct bugs in the sk(4) network driver that could result in
    data corruption and system crashes on SMP systems.
    
    Approved by:	so, re
Commits on Jan 5, 2005
  1. MFC of src/sys/nfsserver/nfs_serv.c rev 1.147.2.3:

    kensmith authored
      Merge nfs_serv.c:1.151 from HEAD to RELENG_5:
    
        date: 2004/11/11 21:30:52;  author: rwatson;  state: Exp;  lines: +52 -38
        Correct a bug in nfsrv_create() where a call to nfsrv_access() might
        be made holding the NFS server mutex.  To clean this up, introduce a
        version of the function, nfsrv_access_withgiant(), that expects the
        NFS server mutex to already have been dropped and Giant acquired.
        Wrap nfsrv_access() around this.  This permits callers to more
        efficiently check access if they're in a code block performing VFS
        operations, and can be substituted for the nfsrv_access() call that
        triggered this bug.
    
        PR:             73807, 73208
    
    Approved by:	so (nectar)
    Work done by:	rwatson
    Errata Notice:	FreeBSD-EN-05:01.nfs