cvs commit: src UPDATING src/contrib/bzip2 bzip2.c bzlib.c
compress.c decompress.c huffman.c src/sys/conf newvers.sh
src/sys/netinet ip_fw2.c tcp_input.c tcp_seq.h
Simon L. Nielsen
simon at FreeBSD.org
Wed Jun 29 21:41:04 GMT 2005
simon 2005-06-29 21:41:03 UTC
FreeBSD src repository (doc,ports committer)
Modified files: (Branch: RELENG_5_4)
. UPDATING
contrib/bzip2 bzip2.c bzlib.c compress.c decompress.c
huffman.c
sys/conf newvers.sh
sys/netinet ip_fw2.c tcp_input.c tcp_seq.h
Log:
Correct ipfw packet matching errors with address tables.
Security: CAN-2005-2019
Security: FreeBSD-SA-05:13.ipfw
Correct bzip2 denial of service and permission race vulnerabilities.
Obtained from: Redhat, Steve Grubb via RedHat
Security: CAN-2005-0953, CAN-2005-1260
Security: FreeBSD-SA-05:14.bzip2
Approved by: obrien
Correct TCP connection stall denial-of-service vulnerabilities.
MFC: rev 1.270 of tcp_input.c, rev 1.25 of tcp_seq.h by ps: When a TCP
packets containing a timestamp is received, inadequate checking of
sequence numbers is performed, allowing an attacker to artificially
increase the internal "recent" timestamp for a connection.
A TCP packets with the SYN flag set is accepted for established
connections, allowing an attacker to overwrite certain TCP options.
Security: CAN-2005-0356, CAN-2005-2068
Security: FreeBSD-SA-05:15.tcp
Approved by: so (cperciva)
Revision Changes Path
1.342.2.24.2.12 +8 -0 src/UPDATING
1.1.1.2.12.1 +34 -9 src/contrib/bzip2/bzip2.c
1.1.1.2.12.1 +37 -14 src/contrib/bzip2/bzlib.c
1.1.1.2.12.1 +7 -5 src/contrib/bzip2/compress.c
1.1.1.2.12.1 +11 -5 src/contrib/bzip2/decompress.c
1.1.1.2.12.1 +18 -1 src/contrib/bzip2/huffman.c
1.62.2.18.2.8 +1 -1 src/sys/conf/newvers.sh
1.70.2.10.2.1 +20 -17 src/sys/netinet/ip_fw2.c
1.252.2.14.2.1 +24 -4 src/sys/netinet/tcp_input.c
1.22.2.1.2.1 +1 -0 src/sys/netinet/tcp_seq.h
More information about the cvs-src
mailing list