[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:08.sack

Previous thread: [FreeBSD-Announce] FreeBSD Status Report Fourth Quarter 2005 by Max Laier on Thursday, January 26, 2006 - 8:36 am. (5 messages)

Next thread: [FreeBSD-Announce] SANE 2006 Registration Information and Early Bird Deadline by Edwin Kremer on Sunday, February 19, 2006 - 5:30 pm. (4 messages)
To: FreeBSD Security Advisories <security-advisories@...>
Date: Wednesday, February 1, 2006 - 3:51 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:08.sack Security Advisory
The FreeBSD Project

Topic: Infinite loop in SACK handling

Category: core
Module: netinet
Announced: 2006-02-01
Credits: Scott Wood
Affects: FreeBSD 5.3 and 5.4
Corrected: 2006-01-24 01:16:18 UTC (RELENG_5, 5.4-STABLE)
           2006-02-01 19:43:10 UTC (RELENG_5_4, 5.4-RELEASE-p11)
           2006-02-01 19:43:36 UTC (RELENG_5_3, 5.3-RELEASE-p26)
CVE Name: CVE-2006-0433

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.

I. Background

SACK (Selective Acknowledgement) is an extension to the TCP/IP protocol
that allows hosts to acknowledge the receipt of some, but not all, of
the packets sent, thereby reducing the cost of retransmissions.

II. Problem Description

When insufficient memory is available to handle an incoming selective
acknowledgement, the TCP/IP stack may enter an infinite loop.

III. Impact

By opening a TCP connection and sending a carefully crafted series of
packets, an attacker may be able to cause a denial of service.

IV. Workaround

On FreeBSD 5.4, the net.inet.tcp.sack.enable sysctl can be used to
disable the use of SACK:

# sysctl net.inet.tcp.sack.enable=0

No workaround is available for FreeBSD 5.3.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 5-STABLE or to the RELENG_5_4 or
RELENG_5_3 security branch dated after the correction date.

2) To patch your present system:

The following patch has been verified to apply to FreeBSD 5.3 and
5.4 systems.

a) Download the relevant patch from the location below, and ...

To: FreeBSD Security Advisories <security-advisories@...>
Date: Wednesday, January 7, 2009 - 5:36 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-09:01.lukemftpd Security Advisory
The FreeBSD Project

Topic: Cross-site request forgery in lukemftpd(8)

Category: core
Module: lukemftpd
Announced: 2009-01-07
Credits: Maksymilian Arciemowicz
Affects: All supported versions of FreeBSD.
Corrected: 2009-01-07 20:17:55 UTC (RELENG_7, 7.1-STABLE)
           2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1)
           2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8)
           2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE)
           2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2)
           2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8)
CVE Name: CVE-2008-4247

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I. Background

lukemftpd(8) is a general-purpose implementation of a File Transfer Protocol
(FTP) server that is shipped with the FreeBSD base system. It is not enabled
in default installations but can be enabled as either an inetd(8) server
or a stand-alone server.

A cross-site request forgery attack is a type of malicious exploit that is
mainly targeted at a web browser: a user trusted by the site is tricked
into visiting a specially crafted URL, which in turn executes a command
that performs some privileged operation on behalf of the trusted user
on the victim site.

II. Problem Description

The lukemftpd(8) server splits long commands into several requests. This
may result in the server executing a command which is hidden inside
another very long command.

III. Impact

This could, with a specifically crafted command, be used...

To: FreeBSD Security Advisories <security-advisories@...>
Date: Thursday, December 3, 2009 - 4:43 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-09:15.ssl Security Advisory
The FreeBSD Project

Topic: SSL protocol flaw

Category: contrib
Module: openssl
Announced: 2009-12-03
Credits: Marsh Ray, Steve Dispensa
Affects: All supported versions of FreeBSD.
Corrected: 2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE)
           2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)
           2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE)
           2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)
           2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)
           2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE)
           2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8)
           2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14)
CVE Name: CVE-2009-3555

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

0. Revision History

v1.0 2009-12-03 Initial release.
v1.1 2009-12-03 Corrected instructions in section V.2)b).

I. Background

The SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols
provide a secure communications layer over which other protocols can be
utilized. The most widespread use of SSL/TLS is to add security to the
HTTP protocol, thus producing HTTPS.

FreeBSD includes software from the OpenSSL Project which implements SSL
and TLS.

II. Problem Description

The SSL version 3 and TLS protocols support session renegotiation without
cryptographically tying the new session parameters to the old parameters.

III. Impact

An attacker who can intercept a TCP connection being used for SSL or TLS
c...

To: FreeBSD Security Advisories <security-advisories@...>
Date: Monday, January 14, 2008 - 7:09 pm
