Help Net Security
Help Net Security

NetBSD 5.1 released, security fixes abound

NetBSD 5.1 represents a selected subset of fixes deemed critical for security or stability reasons, as well as new features and enhancements.

Security advisory fixes:

  • NetBSD-SA2009-004, NetBSD OpenPAM passwd(1) changing weakness.
  • NetBSD-SA2009-005, Plaintext Recovery Attack Against SSH.
  • NetBSD-SA2009-006, Buffer overflows in ntp.
  • NetBSD-SA2009-007, Buffer overflows in hack(6).
  • NetBSD-SA2009-008, OpenSSL ASN1 parsing denial of service and CMS signature verification weakness.
  • NetBSD-SA2009-009, OpenSSL DTLS Memory Exhaustion and DSA signature verification vulnerabilities.
  • NetBSD-SA2009-010, ISC dhclient subnet-mask flag stack overflow.
  • NetBSD-SA2009-011, ISC DHCP server Denial of Service vulnerability.
  • NetBSD-SA2009-012, SHA2 implementation potential buffer overflow.
  • NetBSD-SA2009-013, BIND named dynamic update Denial of Service vulnerability.
  • NetBSD-SA2010-002, OpenSSL TLS renegotiation man in the middle vulnerability.
  • NetBSD-SA2010-003, azalia(4)/hdaudio(4) negative mixer index panic.
  • NetBSD-SA2010-004, amd64 per-page No-execute (NX) bit disabled.
  • NetBSD-SA2010-005, NTP server Denial of Service vulnerability.
  • NetBSD-SA2010-006, Buffer length checking errors in CODA.
  • NetBSD-SA2010-007, Integer overflow in libbz2 decompression code.
  • NetBSD-SA2010-008, sftp(1)/ftp(1)/glob(3) related resource exhaustion.
  • NetBSD-SA2010-010, Buffer Length Handling Errors in netsmb.
  • NetBSD-SA2010-011, OpenSSL Double Free Arbitrary Code Execution.

Other security fixes:

  • openssl: Fix CVE-2009-4355 and CVE-2010-0740.
  • Fix crash in openssl: handshake_dgst[] may be used without being allocated, causing NULL pointer dereference.
  • Update BIND server and tools to 9.5.2-P2, fixing CVE-2009-0025, CVE-2009-4022, and CVE-2010-0097.
  • ntpd(8): Fix CVE-2009-3563.
  • expat: Fix SA36425 and CVE-2009-3560.
  • fts(3): Avoid possible integer overflow on really deep dirs, and subsequent collateral damage. Received from OpenBSD via US-CERT as VU #590371.
  • Fix a couple issues with POSIX message queues
  • arc4random(3): Keep arc4_i and arc4_j synchronised after a rekeying. This prevents accidentally ending up in a short ARC4 cycle.
  • freetype: Fix CVE-2009-0946.
  • ftpd(8): Fix a remote crash. PR 43023.
  • openldap: Fix CVE-2009-3767.
  • Fix an NX regression observed on amd64 kernels, where per-page execution right was disabled (therefore leading to the inability of the kernel to detect fraudulent use of memory mappings marked as not being executable).
More about

Featured news

Sponsored

Don't miss