- Fixed a regression in resolver.c:possibly_mark() which caused
known-bogus servers to be queried anyway. [RT #41321]
- render_ecs errors were mishandled when printing out a OPT record
resulting in a assertion failure. (CVE-2015-8705) [RT #41397]
- Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396]
than 0.0.0.0 by default. This isn't good on OpenBSD which deliberately
doesn't allow IPv4 connections on an IPv6 socket so revert that change.
Failure reported and fix tested by Johan Huldtgren, ok aja@
CVE-2015-8605: UDP payload length not properly checked
"A badly formed packet with an invalid IPv4 UDP length field can
cause a DHCP server, client, or relay program to terminate abnormally."
(plus, compared to Henrik's diff, reinstate some make/MAKE_PROGRAM patches)
- mod_http_files could serve requests outside of the configured public root
- server-to-server dialback authentication (mod_dialback) weak RNG
fix for a transfer from a sender that you don't fully trust.
Originally gonzalo@ submitted a broken update to espie@ who passed
it around and then everybody forgot.
http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d
- Ensure that option length fits inside data length less option size.
(can lead to an invalid read/crash via malformed dhcp responses)
http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9
- dhcp_optlen now returns the length of the data we can sanely work
on given the option definition and data length. Call dhcp_optlen in
dhcp_envoption1 to take into ensure these bounds are not overstepped.
Fixes an issue reported by Nico Golde where extra undersized data was
present in the option. An example of this would be an array of uint16's
with a trailing byte.
(reporter says "exploitation is non-trivial, but i'd love to be
proven wrong.")
user has set a command-line arguments containing '+' (not totally uncommon).
Otherwise rc_check() now waits for pexp to match, which fails due to
the + being handled as part of a regular expression.
Boto3 is the Amazon Web Services (AWS) Software Development Kit (SDK) for
Python, which allows Python developers to write software that makes use of
services like Amazon S3 and Amazon EC2. You can find the latest, most up to
date, documentation at `Read the Docs`_, including a list of services that are
supported.
ok sthen@
