Day: November 5, 2014

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:26.ftp

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-SA-14:26.ftp Security Advisory
The FreeBSD Project

Topic: Remote command execution in ftp(1)

Category: core
Module: ftp
Announced: 2014-11-04
Credits: Jared McNeill, Alistair Crooks
Affects: All supported versions of FreeBSD.
Corrected: 2014-11-04 23:29:57 UTC (stable/10, 10.1-PRERELEASE)
2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC4-p1)
2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC3-p1)
2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC2-p3)
2014-11-04 23:31:17 UTC

(Read more...)

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-SA-14:25.setlogin Security Advisory
The FreeBSD Project

Topic: Kernel stack disclosure in setlogin(2) / getlogin(2)

Category: core
Module: kernel
Announced: 2014-11-04
Credits: Mateusz Guzik
Affects: All supported versions of FreeBSD.
Corrected: 2014-11-04 23:29:57 UTC (stable/10, 10.1-PRERELEASE)
2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC4-p1)
2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC3-p1)
2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC2-p3)
2014-11-04 23:31:17 UTC

(Read more...)

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:24.sshd

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-SA-14:24.sshd Security Advisory
The FreeBSD Project

Topic: Denial of service attack against sshd(8)

Category: contrib
Module: openssh
Announced: 2014-11-04
Credits:
Affects: FreeBSD 9.1, 9.2 and 10.0.
Corrected: 2014-05-04 07:28:26 UTC (stable/10, 10.0-STABLE)
2014-11-04 23:31:17 UTC (releng/10.0, 10.0-RELEASE-p12)
2014-05-04 07:57:20 UTC (stable/9, 9.2-STABLE)
2014-11-04 23:33:17 UTC (releng/9.2, 9.2-RELEASE-p15)
2014-11-04 23:32:45 UTC (releng/9.1, 9.1-RELEASE-p22)
CVE

(Read more...)