- Vulnerability: non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse
- Vulnerability: buffer underrun in modmul can corrupt the heap
- Vulnerability: negative string length in public-key signatures can
  cause integer overflow and overwrite all of memory
- Private keys left in memory after being used by PuTTY tools

N.B. some of these vulnerabilities where an SSH-2 server can make PuTTY
overrun or underrun buffers can be triggered *before* host key verification
so there is a risk from a spoofed server. For more info see the 0.63
section of http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
ability to write messages in an external editor, and regular bugfixes.
The default texapprc has been tweaked to more closely follow the style of
alpha (the web-based app written by the founders of app.net).
query that includes malformed rdata can cause named to terminate with an
assertion failure while rejecting the malformed query. Authoritative and
recursive servers are equally vulnerable. Intentional exploitation of
this condition can cause a denial of service in all nameservers running
affected versions of BIND 9. Access Control Lists do not provide any
protection from malicious clients.
MessagePack is a fast, compact binary serialization format, suitable for
similar data to JSON. This package provides CPython bindings for reading
and writing MessagePack data.
ok rpointel@
properly in inline mode:
1. A bug in ipfw_daq_inject() ignores the buf and len arguments that are
passed to it. This prevents Snort inline mode from dropping/rejecting
packets that match "drop" or "reject" rules.
2. Remove DAQ_CAPA_UNPRIV_START from the list of capabilities so that
Snort can run as an unprivileged user when using the IPFW DAQ module.
Tested by myself and Adam Jeanguenat. Received guidance from sthen@.
Both fixes have been sent upstream.
- BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances
- BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks are used
- MEDIUM: protocol: implement a "drain" function in protocol layers
- BUG/CRITICAL: fix a possible crash when using negative header occurrences
Resolves CVE-2013-2175
ok gonzalo
LLDP (Link Layer Discovery Protocol) is an industry standard protocol
designed to supplant proprietary Link-Layer protocols such as
Extreme's EDP (Extreme Discovery Protocol) and CDP (Cisco Discovery
Protocol). The goal of LLDP is to provide an inter-vendor compatible
mechanism to deliver Link-Layer notifications to adjacent network
devices.
lldpd implements both reception and sending. It also implements an
SNMP subagent for net-snmp to get local and remote LLDP
information. The LLDP MIB is partially implemented but the most useful
tables are here. lldpd also partially implements LLDP-MED.
lldpd supports bridge, vlan and bonding. Bonding needs to be done on
real physical devices, not on bridges, vlans, etc. However, vlans can
be mapped on the bonding device. You can bridge vlan but not add vlans
on bridges. More complex setups may give false results.