2. Security Advisories

Problems described in the following security advisories have been fixed in 8.4-RELEASE. For more information, consult the individual advisories available from http://security.FreeBSD.org/.

SA-12:01.openssl03 May 2012

OpenSSL multiple vulnerabilities

SA-12:02.crypt30 May 2012

Incorrect crypt() hashing

SA-12:03.bind12 June 2012

Incorrect handling of zero-length RDATA fields in named(8)

SA-12:04.sysret12 June 2012

Privilege escalation when returning from kernel

SA-12:05.bind6 August 2012

named(8) DNSSEC validation Denial of Service

SA-12:06.bind22 November 2012

Multiple Denial of Service vulnerabilities with named(8)

SA-12:07.hostapd22 November 2012

Insufficient message length validation for EAP-TLS messages

SA-12:08.linux22 November 2012

Linux compatibility layer input validation error

SA-13:02.libc19 February 2013

glob(3) related resource exhaustion

SA-13:03.openssl02 April 2013

OpenSSL multiple vulnerabilities

SA-13:04.bind02 April 2013

BIND remote denial of service

SA-13:05.nfsserver29 April 2013

Insufficient input validation in the NFS server

All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/

Questions that are not answered by the documentation may be sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.