- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
May 15 2019
May 15 2019
Bump patch revision for updated mds patches.
Correct a few small details in advisories.
Update version of MDS advisory
May 14 2019
May 14 2019
Done with the large patches.
Add SA-19:03 to SA-19:07 and EN-19:08 to EN-19:10.
I need to commit some large patches.
Bump newvers.sh and add UPDATING block.
Mitigations for Microarchitectural Data Sampling.
Mitigations for Microarchitectural Data Sampling.
Fix ICMP/ICMP6 packet filter bypass in pf.
Fix IPv6 fragment reassembly panic in pf
Update ntpd to 4.2.8p13 to fix authenticated denial of service.
Update ntpd to 4.2.8p13 to fix authenticated denial of service.
Update hostapd/wpa_supplicant to 2.8 to fix multiple vulnerabilities.
Update hostapd/wpa_supplicant to 2.8 to fix multiple vulnerabilities.
Fix insufficient filename validation in scp client
Fix partially matching relative paths in xinstall.
Mar 21 2019
Mar 21 2019
Strong agree on separating any whitespace commits from functional commits. This is especially important for security sensitive content.
Mar 9 2019
Mar 9 2019
Correct wording around '-' masks.
Mar 6 2019
Mar 6 2019
Feb 5 2019
Feb 5 2019
Add SA-19:01, SA-19:02, EN-19:06, and EN-19:07.
Jan 9 2019
Jan 9 2019
Correct wrong year in advisory text.
Hopefully I won't need this again.
Add EN-19:01 through EN-19:05.
The sqlite patch is large....
Dec 19 2018
Dec 19 2018
Add SA-18:15 and EN-18:16 through EN-18:18.
Dec 12 2018
Dec 12 2018
Adjust section for secteam.
gordon closed D17984: Update secteam.
Promote remko to Deputy.
Update core team liason to reflect brooks taking the job..
Forgot to add this to the commit message to auto-close. This was committed as r52684.
Dec 6 2018
Dec 6 2018
Based on conversation with brooks, this doesn't need an advisory. Local DoS are exempt from SAs and the information leak is very low quality.
Dec 4 2018
Dec 4 2018
Publish FreeBSD-SA-18:14.bhyve.
gordon committed rS341488: Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve].
Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
gordon committed rS341487: Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve].
Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
Always treat firmware request and response sizes as unsigned.
Nov 27 2018
Nov 27 2018
Add SA-18:13 and EN-18:13 through EN-18:15.
Fix deferred kernel loading breaks loader password. [EN-18:15.loader]
Timezone database information update. [EN-18:14.tzdata]
Fix ICMP buffer underwrite. [EN-18:13.icmp]
Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]
Nov 14 2018
Nov 14 2018
Oct 25 2018
Oct 25 2018
gordon resigned from D4964: Protect calls to explicit_bzero() via by explicitly disabling the link-time and other optimizations that can cause code elimination..
I don't know enough to review this request. Maybe delphij, emaste or one of the other secteam members has more domain experience here.
Oct 24 2018
Oct 24 2018
Approved based on timeout from delphij.
Oct 20 2018
Oct 20 2018
I have no objection. I'm not sure I'm qualified to weigh in on it. If markm is okay with it, then I would go ahead with it.
Logic looks reasonable to me. I have only read through the logic, not tested it myself.
Sep 27 2018
Sep 27 2018
Add errata notices EN-18:09 through EN-18:12
Check to ensure the buffer returned is not NULL.
gordon committed rS338986: There are various cases where we modify the inp_vflag and inp_inc.inc_flags.
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
gordon committed rS338985: There are various cases where we modify the inp_vflag and inp_inc.inc_flags.
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
Clear stack allocated data structure to prevent kernel memory leak.
Fix small kernel memory disclosures. [EN-18:12.mem]
Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
Sep 12 2018
Sep 12 2018
Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]
Fix improper elf header parsing. [SA-18:12.elf]
Correct ELF header parsing code to prevent invalid ELF sections from
Aug 24 2018
Aug 24 2018
gordon added a comment to D16873: Limit the harvest rate of "fast" entropy for random(4) so as not to overload the system..
Aug 23 2018
Aug 23 2018
Add secteam instead of just me.
Jun 21 2018
Jun 21 2018
Add today's advisory and notices.
Fix TLB shootdown for Xen based guests. [EN-18:07.pmap]
Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu]
May 20 2018
May 20 2018
Remove references to Perforce from the website.
May 12 2018
May 12 2018
Address feedback from bjk.
Perforce has removed the server components for FreeBSD.
May 11 2018
May 11 2018
May 8 2018
May 8 2018
Update timezone database information. [EN-18:06.tzdata]
Fix multiple small kernel memory disclosures. [EN-18:05.mem]
Fix mishandling of x86 debug exceptions. [SA-18:06.debugreg]
Apr 4 2018
Apr 4 2018
Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.
Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.
Fix multiple small kernel memory disclosures. [EN-18:04.mem]
Update timezone database information. [EN-18:03.tzdata]
Fix ipsec crash or denial of service. [SA-18:05.ipsec]
Fix vt console memory disclosure. [SA-18:04.vt]
Limit glyph count in vtfont_load to avoid integer overflow.
Mar 14 2018
Mar 14 2018
Add FreeBSD-SA-18:03.speculative_execution.
gordon committed rS330908: Add mitigations for two classes of speculative execution vulnerabilities.
Add mitigations for two classes of speculative execution vulnerabilities
Mar 8 2018
Mar 8 2018
Update SA-18:01 with revision and a new patch.
Bump newvers and document the updated patch for SA-18:01.ipsec
Mar 7 2018
Mar 7 2018
Correct patches for 10.x along with updated advisory.
Correct patch for ipsec vulnerability.
Fixup the AH patch to properly compile.
Remove myself now that I have commited the NTP patches.