File: [cvs.NetBSD.org] / htdocs / support / security / patches-6.0.2.xml
Revision 1.21, Fri Dec 21 19:06:27 2018 UTC (5 years, 3 months ago) by maya
Use protocol agnostic URLs, so we don't degrade HTTPS->HTTP.
<?xml version="1.0"?>
<!DOCTYPE webpage
  PUBLIC "-//NetBSD//DTD Website-based NetBSD Extension//EN"
    "http://www.NetBSD.org/XML/htdocs/lang/share/xml/website-netbsd.dtd">

<webpage id="support-security-patches-6.0.2">
<config param="desc" value="NetBSD 6.0.2 Security Advisories"/>
<config param="cvstag" value="$NetBSD: patches-6.0.2.xml,v 1.21 2018/12/21 19:06:27 maya Exp $"/>
<config param="rcsdate" value="$Date: 2018/12/21 19:06:27 $"/>
<head>
  <title>NetBSD 6.0.2 Security Advisories</title>
</head>

<sect1 id="patches-6.0.2">
  <para>
    Below is the list of advisories applicable to the
    <ulink url="../../releases/formal-6/">NetBSD 6.0.2</ulink> release:
  </para>

  <itemizedlist>
    <listitem>A description and resolution procedure for TCP LAST_ACK state memory exhaustion
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-009.txt.asc">
      NetBSD Security Advisory NetBSD-SA2015-009</ulink></listitem>
    <listitem>A description and resolution procedure for OpenSSL and TLS protocol vulnerabilities
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc">
      NetBSD Security Advisory NetBSD-SA2015-008</ulink></listitem>
    <listitem>A description and resolution procedure for OpenSSL and SSLv3 vulnerabilities
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-007.txt.asc">
      NetBSD Security Advisory NetBSD-SA2015-007</ulink></listitem>
    <listitem>A description and resolution procedure for OpenSSL and SSLv3 vulnerabilities
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-006.txt.asc">
      NetBSD Security Advisory NetBSD-SA2015-006</ulink></listitem>
    <listitem>A description and resolution procedure for buffer overflow in libevent (CVE-2014-6272)
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-005.txt.asc">
      NetBSD Security Advisory NetBSD-SA2015-005</ulink></listitem>
    <listitem>A description and resolution procedure for Two vulnerabilities in the compatibility layers
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-004.txt.asc">
      NetBSD Security Advisory NetBSD-SA2015-004</ulink></listitem>
    <listitem>A description and resolution procedure for NTPd multiple vulnerabilities (CVE-2014-929[3-6])
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-003.txt.asc">
      NetBSD Security Advisory NetBSD-SA2015-003</ulink></listitem>
    <listitem>A description and resolution procedure for bind Denial of Service (CVE-2014-8500)
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc">
      NetBSD Security Advisory NetBSD-SA2015-002</ulink></listitem>
    <listitem>A description and resolution procedure for Protocol handling issues in X Window System servers
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-001.txt.asc">
      NetBSD Security Advisory NetBSD-SA2015-001</ulink></listitem>
    <listitem>A description and resolution procedure for OpenSSL and SSLv3 vulnerabilities
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-015</ulink></listitem>
    <listitem>A description and resolution procedure for Multiple vulnerabilities in the mount system call
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-014.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-014</ulink></listitem>
    <listitem>A description and resolution procedure for ftp(1) can be made to execute arbitrary commands by a malicious webserver
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-013</ulink></listitem>
    <listitem>A description and resolution procedure for Memory leak in the setsockopt system call
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-012.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-012</ulink></listitem>
    <listitem>A description and resolution procedure for User-controlled memory allocation in the modctl system call
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-011.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-011</ulink></listitem>
    <listitem>A description and resolution procedure for Multiple vulnerabilities in the compatibility layers
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-010.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-010</ulink></listitem>
    <listitem>A description and resolution procedure for Multiple vulnerabilities in the execve system call
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-009.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-009</ulink></listitem>
    <listitem>A description and resolution procedure for Multiple OpenSSL vulnerabilities
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-008</ulink></listitem>
    <listitem>A description and resolution procedure for bozohttpd basic http authentication bypass
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-007</ulink></listitem>
    <listitem>A description and resolution procedure for Multiple OpenSSL vulnerabilities
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-006.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-006</ulink></listitem>
    <listitem>A description and resolution procedure for libXfont multiple vulnerabilities
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-005.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-005</ulink></listitem>
    <listitem>A description and resolution procedure for OpenSSL information disclosure ("heartbleed")
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-004.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-004</ulink></listitem>
    <listitem>A description and resolution procedure for posix_spawn unbounded kernel memory allocation
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-003.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-003</ulink></listitem>
    <listitem>A description and resolution procedure for ntpd used as DDoS amplifier
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-002.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-002</ulink></listitem>
    <listitem>A description and resolution procedure for Stack buffer overflow in libXfont
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-001.txt.asc">
      NetBSD Security Advisory NetBSD-SA2014-001</ulink></listitem>
    <listitem>A description and resolution procedure for Memory leak when trying to execute bogus ELF binaries
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-013.txt.asc">
      NetBSD Security Advisory NetBSD-SA2013-013</ulink></listitem>
    <listitem>A description and resolution procedure for Router Advertisement sysctl local Denial of Service
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-012.txt.asc">
      NetBSD Security Advisory NetBSD-SA2013-012</ulink></listitem>
    <listitem>A description and resolution procedure for embryonic TCP sockets local DoS
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-011.txt.asc">
      NetBSD Security Advisory NetBSD-SA2013-011</ulink></listitem>
    <listitem>A description and resolution procedure for Use after free in Xserver handling of ImageText requests
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-010.txt.asc">
      NetBSD Security Advisory NetBSD-SA2013-010</ulink></listitem>
    <listitem>A description and resolution procedure for user settable small BPF buffer can cause a panic
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-009.txt.asc">
      NetBSD Security Advisory NetBSD-SA2013-009</ulink></listitem>
    <listitem>A description and resolution procedure for Error in authorization check re tcpdrop sysctl
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-008.txt.asc">
      NetBSD Security Advisory NetBSD-SA2013-008</ulink></listitem>
    <listitem>A description and resolution procedure for Protocol handling issues in X Window System client libraries
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-007.txt.asc">
      NetBSD Security Advisory NetBSD-SA2013-007</ulink></listitem>
    <listitem>A description and resolution procedure for Arbitrary Kernel Read with netstat -P
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-006.txt.asc">
      NetBSD Security Advisory NetBSD-SA2013-006</ulink></listitem>
    <listitem>A description and resolution procedure for bind Denial of Service (CVE-2013-4854)
      can be found in <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-005.txt.asc">
      NetBSD Security Advisory NetBSD-SA2013-005</ulink></listitem>
  </itemizedlist>
</sect1>
</webpage>