File: [cvs.NetBSD.org] / htdocs / support / security / patches-6.0.2.xml

Revision 1.21, Fri Dec 21 19:06:27 2018 UTC (5 years, 3 months ago) by maya
Branch: MAIN
CVS Tags: HEAD
Changes since 1.20: +35 -35 lines

Use protocol agnostic URLs, so we don't degrade HTTPS->HTTP.

<?xml version="1.0"?>
<!DOCTYPE webpage
  PUBLIC "-//NetBSD//DTD Website-based NetBSD Extension//EN"
	 "http://www.NetBSD.org/XML/htdocs/lang/share/xml/website-netbsd.dtd">

<webpage id="support-security-patches-6.0.2">
<config param="desc" value="NetBSD 6.0.2 Security Advisories"/>
<config param="cvstag" value="$NetBSD: patches-6.0.2.xml,v 1.21 2018/12/21 19:06:27 maya Exp $"/>
<config param="rcsdate" value="$Date: 2018/12/21 19:06:27 $"/>
<head>
<title>NetBSD 6.0.2 Security Advisories</title>
</head>

<sect1 id="patches-6.0.2">

<para>
Below is the list of advisories applicable to the
<ulink url="../../releases/formal-6/">NetBSD 6.0.2</ulink>
release:
</para>

<itemizedlist>
<listitem>A description and resolution procedure for
    TCP LAST_ACK state memory exhaustion
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-009.txt.asc">
    NetBSD Security Advisory NetBSD-SA2015-009</ulink></listitem>
<listitem>A description and resolution procedure for
    OpenSSL and TLS protocol vulnerabilities
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc">
    NetBSD Security Advisory NetBSD-SA2015-008</ulink></listitem>
<listitem>A description and resolution procedure for
    OpenSSL and SSLv3 vulnerabilities
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-007.txt.asc">
    NetBSD Security Advisory NetBSD-SA2015-007</ulink></listitem>
<listitem>A description and resolution procedure for
    OpenSSL and SSLv3 vulnerabilities
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-006.txt.asc">
    NetBSD Security Advisory NetBSD-SA2015-006</ulink></listitem>
<listitem>A description and resolution procedure for
    buffer overflow in libevent (CVE-2014-6272)
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-005.txt.asc">
    NetBSD Security Advisory NetBSD-SA2015-005</ulink></listitem>
<listitem>A description and resolution procedure for
    Two vulnerabilities in the compatibility layers
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-004.txt.asc">
    NetBSD Security Advisory NetBSD-SA2015-004</ulink></listitem>
<listitem>A description and resolution procedure for
    NTPd multiple vulnerabilities (CVE-2014-929[3-6])
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-003.txt.asc">
    NetBSD Security Advisory NetBSD-SA2015-003</ulink></listitem>
<listitem>A description and resolution procedure for
    bind Denial of Service (CVE-2014-8500)
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc">
    NetBSD Security Advisory NetBSD-SA2015-002</ulink></listitem>
<listitem>A description and resolution procedure for
    Protocol handling issues in X Window System servers
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-001.txt.asc">
    NetBSD Security Advisory NetBSD-SA2015-001</ulink></listitem>
<listitem>A description and resolution procedure for
    OpenSSL and SSLv3 vulnerabilities
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-015</ulink></listitem>
<listitem>A description and resolution procedure for
    Multiple vulnerabilities in the mount system call
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-014.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-014</ulink></listitem>
<listitem>A description and resolution procedure for
    ftp(1) can be made to execute arbitrary commands by a malicious webserver
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-013</ulink></listitem>
<listitem>A description and resolution procedure for
    Memory leak in the setsockopt system call
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-012.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-012</ulink></listitem>
<listitem>A description and resolution procedure for
    User-controlled memory allocation in the modctl system call
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-011.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-011</ulink></listitem>
<listitem>A description and resolution procedure for
    Multiple vulnerabilities in the compatibility layers
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-010.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-010</ulink></listitem>
<listitem>A description and resolution procedure for
    Multiple vulnerabilities in the execve system call
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-009.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-009</ulink></listitem>
<listitem>A description and resolution procedure for
    Multiple OpenSSL vulnerabilities
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-008</ulink></listitem>
<listitem>A description and resolution procedure for
    bozohttpd basic http authentication bypass
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-007</ulink></listitem>
<listitem>A description and resolution procedure for
    Multiple OpenSSL vulnerabilities
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-006.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-006</ulink></listitem>
<listitem>A description and resolution procedure for
    libXfont multiple vulnerabilities
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-005.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-005</ulink></listitem>
<listitem>A description and resolution procedure for
    OpenSSL information disclosure ("heartbleed")
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-004.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-004</ulink></listitem>
<listitem>A description and resolution procedure for
    posix_spawn unbounded kernel memory allocation
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-003.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-003</ulink></listitem>
<listitem>A description and resolution procedure for
    ntpd used as DDoS amplifier
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-002.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-002</ulink></listitem>
<listitem>A description and resolution procedure for
    Stack buffer overflow in libXfont
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-001.txt.asc">
    NetBSD Security Advisory NetBSD-SA2014-001</ulink></listitem>
<listitem>A description and resolution procedure for
    Memory leak when trying to execute bogus ELF binaries
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-013.txt.asc">
    NetBSD Security Advisory NetBSD-SA2013-013</ulink></listitem>
<listitem>A description and resolution procedure for
    Router Advertisement sysctl local Denial of Service
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-012.txt.asc">
    NetBSD Security Advisory NetBSD-SA2013-012</ulink></listitem>
<listitem>A description and resolution procedure for
    embryonic TCP sockets local DoS
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-011.txt.asc">
    NetBSD Security Advisory NetBSD-SA2013-011</ulink></listitem>
<listitem>A description and resolution procedure for
    Use after free in Xserver handling of ImageText requests
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-010.txt.asc">
    NetBSD Security Advisory NetBSD-SA2013-010</ulink></listitem>
<listitem>A description and resolution procedure for
    user settable small BPF buffer can cause a panic
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-009.txt.asc">
    NetBSD Security Advisory NetBSD-SA2013-009</ulink></listitem>
<listitem>A description and resolution procedure for
    Error in authorization check re tcpdrop sysctl
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-008.txt.asc">
    NetBSD Security Advisory NetBSD-SA2013-008</ulink></listitem>
<listitem>A description and resolution procedure for
    Protocol handling issues in X Window System client libraries
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-007.txt.asc">
    NetBSD Security Advisory NetBSD-SA2013-007</ulink></listitem>
<listitem>A description and resolution procedure for
    Arbitrary Kernel Read with netstat -P
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-006.txt.asc">
    NetBSD Security Advisory NetBSD-SA2013-006</ulink></listitem>
<listitem>A description and resolution procedure for
    bind Denial of Service (CVE-2013-4854)
    can be found in
    <ulink url="//ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-005.txt.asc">
    NetBSD Security Advisory NetBSD-SA2013-005</ulink></listitem>
</itemizedlist>

</sect1>
</webpage>