FreeBSD Security Advisory FreeBSD-SA-04:16.fetch - The fetch utility suffers from an integer overflow condition in the processing of HTTP headers that can result in a buffer overflow.
6a018e23dd8de8d84de9f7d1f8a504a855c7a82a0f3059e216c48ef84a19658a
FreeBSD Security Advisory - The IPsec suite of protocols suffer from a null pointer dereference panic vulnerability.
7627924aa435f05eb5d237fa62f10699d9b3b18134bb644e86b0a181d39e66ae
FreeBSD Security Advisory - The sendfile system call suffers from a write-only file permission bypass vulnerability.
ae9c8fbc319906870b4f06753c0bc8a6c535f33e9b798c9f5924229d2e8e5cae
FreeBSD Security Advisory - An off-by-one error in the inet_network() function could lead to memory corruption with certain inputs.
8b155994e4ef7e962223a3531ba2e2a826ab0c7ece42ea9334d85f02eee60190
FreeBSD Security Advisory - The FreeBSD pty handling suffers from multiple security vulnerabilities.
23273e2d002470b835681157420309b846ee5949a2100ba89960895d95269202
FreeBSD Security Advisory - Insufficient sanity checking of paths containing '.' and '..' allows gtar to overwrite arbitrary files on the system.
dcc19ef1a758f3087be980a876f9e362719306f374c5862dbc64840fe61c16ac
FreeBSD Security Advisory - Under certain circumstances, a bug in the internal state tracking on the random and urandom devices can be exploited to allow replaying of data distributed during subsequent reads.
79fc48bb0be0a2fc8194b995f8df4fc946ed9da015fb0ef3779e6e7ea6fd4d16
FreeBSD Security Advisory - A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found to be incorrectly fixed.
b17048d5d589fb121d6c680856308fa4c05d2db3f5e995fda3825188618c9387
FreeBSD Security Advisory - An attacker who can see the query id for some request(s) sent by named(8) is likely to be able to perform DNS cache poisoning by predicting the query id for other request(s).
85b9dc46bf51bf97e6c2530765f1006e835e54646ea613fdacc90affeb633d73
FreeBSD Security Advisory - By crafting malicious BGP packets, an attacker could exploit a vulnerability in tcpdump allowing them to execute code or crash the process.
e33c611629e2f77744592e30f63eec2b9479350375ca2b84b50d8d02a47af1bd
FreeBSD Security Advisory - Due to the lack of handling of potential symbolic links the host's jail rc.d(8) script is vulnerable to "symlink attacks". By replacing /var/log/console.log inside the jail with a symbolic link it is possible for the superuser (root) inside the jail to overwrite files on the host system outside the jail with arbitrary content. This in turn can be used to execute arbitrary commands with non-jailed superuser privileges.
028e10620eb9d9c3fa9a15f2a25d7e04e9c45a57e7eaee8470108c46f4ed4e43
FreeBSD Security Advisory - Several problems have been found in the libarchive code used to parse the tar and pax interchange formats. These include entering an infinite loop if an archive prematurely ends within a pax extension header or if certain types of corruption occur in pax extension headers, dereferencing a NULL pointer if an archive prematurely ends within a tar header immediately following a pax extension header or if certain other types of corruption occur in pax extension headers, and miscomputing the length of a buffer resulting in a buffer overflow if yet another type of corruption occurs in a pax extension header.
b38942f713cc47fbfb1b3c24182ba24175fea8220d4abee0c036c12cbc41e014
FreeBSD Security Advisory - An attacker who can cause file to be run on a maliciously constructed input can cause file to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file. The above also applies to any other applications using the libmagic library.
8e2a86c43663ab976f1486f288aeb153a35b6755fa7c13f24c4527aa1cd9f14d
FreeBSD Security Advisory - There is no mechanism for preventing IPv6 routing headers from being used to route packets over the same link(s) many times. An attacker can "amplify" a denial of service attack against a link between two vulnerable hosts; that is, by sending a small volume of traffic the attacker can consume a much larger amount of bandwidth between the two vulnerable hosts. An attacker can use vulnerable hosts to "concentrate" a denial of service attack against a victim host or network; that is, a set of packets sent over a period of 30 seconds or more could be constructed such that they all arrive at the victim within a period of 1 second or less.
e323b4eb127110e64c1525bdafe94d149b45614db2539509afa2cbeeb7a9e6be
FreeBSD Security Advisory - A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service.
8468eb2d18ed5e62f05cc1b12e5a16a332d905bf12993f6630719308f3901887
FreeBSD Security Advisory - jail(2) is susceptible to a symlink related vulnerability due to a lack of sanity checking.
67718e9c6c514fdd36e62fe2606ff687a4feed8cb51383a05dc3595135aae050
FreeBSD Security Advisory - Symlinks created using the "GNUTYPE_NAMES" tar extension can be absolute due to lack of proper sanity checks.
7ba3e6885e8d3fc426d046277d8b0ab731a8d7a0955760bb6ec9de3f9f245048
FreeBSD Security Advisory - The firewire(4) driver suffers from a kernel memory disclosure flaw.
4db745ec6a09022919249c4b5643014725cec3d5b47739879440d0729ce0431d
FreeBSD Security Advisory - If the end of an archive is reached while attempting to "skip" past a region of an archive, libarchive will enter an infinite loop wherein it repeatedly attempts (and fails) to read further data.
1662409beef33d76b0e89f2e9c582e294f8878e50e0f2f6197a66012038d1c3b
FreeBSD Security Advisory: Multiple problems in crypto(3) [revised]
cf24f2e129bca457df67226f2da481a6cd4cd412bc1dd50076f6b090a5725090
FreeBSD Security Advisory: Multiple problems in crypto(3)
0187927fa4f8bfa1d2e8ed32a2b55c51090ed0b77f08caa6a6f2abc617a0afaf
FreeBSD Security Advisory - Multiple vulnerabilities exist in gzip.
40bd13cb8cb2081691ce02d2adabac8a542bd62b8d47fd3c4d05236d29b0cb78
FreeBSD Security Advisory - BIND 9 suffers from multiple denial of service vulnerabilities.
d4a8c901fd917c2e9269ec036040d861d50d033a2fcb23dda2d2938f8e43b448
FreeBSD Security Advisory - When verifying a PKCS#1 version 1.5 signature, OpenSSL ignores any bytes which follow the cryptographic hash being signed. In a valid signature there will be no such bytes.
b12a2d894db6fb7f3b6c529ad1fe3cac50460ba14815fe9a015f3369107f278f
FreeBSD Security Advisory - While processing Link Control Protocol (LCP) configuration options received from the remote host, ppp fails to correctly validate option lengths. This may result in data being read or written beyond the allocated kernel memory buffer.
1a505aa71e5062892602bad3342291e7924f5588a8db8ea6bfbcdaa4e12a0f6d
FreeBSD Security Advisory - A suitably malformed multipart MIME message can cause sendmail to exceed predefined limits on its stack usage.
4c64110a3ce437e1fc236d7f09777c2a562a531cde1988c0e58a3141c21e6e8e