Fix sendmail improper close-on-exec flag handling. [SA-14:11]
Fix ktrace memory disclosure. [SA-14:12]
Fix incorrect error handling in PAM policy parser. [SA-14:13]
Fix triple-fault when executing from a threaded process. [EN-14:06]
Fix bsnmpd remote denial of service vulnerability. [SA-14:01]
Fix ntpd distributed reflection Denial of Service vulnerability.
[SA-14:02]
Fix OpenSSL multiple vulnerabilities. [SA-14:03]
Fix BIND remote denial of service vulnerability. [SA-14:04]
Disable hardware RNGs by default. [EN-14:01]
Fix incorrect coalescing of stack entry with mmap. [EN-14:02]
transmission which could be tricked into rounding up to the nearest
page size, leaking up to a page of kernel memory. [13:11]
In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR
and SIOCSIFNETMASK at the socket layer rather than pass them on to the
link layer without validation or credential checks. [SA-13:12]
Prevent cross-mount hardlinks between different nullfs mounts of the
same underlying filesystem. [SA-13:13]
Security: CVE-2013-5666
Security: FreeBSD-SA-13:11.sendfile
Security: CVE-2013-5691
Security: FreeBSD-SA-13:12.ifioctl
Security: CVE-2013-5710
Security: FreeBSD-SA-13:13.nullfs
Approved by: so
Fix an integer overflow in computing the size of a temporary buffer
can result in a buffer which is too small for the requested
operation. [13:09]
Fix a bug that could lead to kernel memory disclosure with
SCTP state cookie. [13:10]
Add latest errata notices:
Fix a data corruption problem with mfi(4) operating on > 2TB
disks in a JBOD. [EN-13:03]
Fix Denial of Service vulnerability in named(8). [13:07]
Fix a bug that allows remote client bypass the normal
access checks when when -network or -host restrictions are
used at the same time with -mapall. [13:08]
Fix a problem where dhclient(8) utility tries to initilaize an
fxp(4) forever because the driver resets the controller chip
twice upon initialization. [EN-13:01]
Fix a problem where frames sent to additional MAC addresses are
not forwarded to the vtnet(4) interface. [EN-13:02]
to a memory-mapped file in the traced process's address space
even if neither the traced process nor the tracing process had
write access to that file.
Security: CVE-2013-2171
Security: FreeBSD-SA-13:06.mmap
Approved by: so
Fix Denial of Service vulnerability in named(8) with DNS64. [13:01]
Fix Denial of Service vulnerability in libc's glob(3) functionality.
[13:02]
Security: CVE-2012-5688
Security: FreeBSD-SA-13:01.bind
Security: CVE-2010-2632
Security: FreeBSD-SA-13:02.libc
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.
For now files are just sitting there. The symlinks are missing.
Discussed on: www (repository location)
Discussed with: simon (so)
