MidnightBSD developers announced the release of MidnightBSD 0.6, a FreeBSD-based BSD distribution dedicated to creating an easy-to-use desktop environment with graphical ports management and system configuration using GNUstep.
MidnightBSD 0.6 is primarily a security fix release that comes with fixes for a wide range of issues. According to the release notes, the following are some of the security fixes shipped with MidnightBSD 0.6:
- OpenSSL: The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. [CVE-2014-3506]
- The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. [CVE-2014-3507]
- A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]
- OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. [CVE-2014-3510]
- TCP SYN: When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window.