src/sys, branch releng/10.4 FreeBSD source tree Fix small kernel memory disclosures. [EN-18:12.mem] 2018-09-27T18:36:30+00:00 Gordon Tetlow gordon@FreeBSD.org 2018-09-27T18:36:30+00:00 d869f4ade283f4691dc249e435376a5883824be2 Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: so Security: FreeBSD-EN-18:12.mem Security: CVE-2018-17155 
Reported by:	Thomas Barabosch, Fraunhofer FKIE
Approved by:	so
Security:	FreeBSD-EN-18:12.mem
Security:	CVE-2018-17155
Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen] 2018-09-27T18:34:42+00:00 Gordon Tetlow gordon@FreeBSD.org 2018-09-27T18:34:42+00:00 e106753b247571ad73522292efb4403a6e2cb166 Reported by: Jakub Jirasek, Secunia Research at Flexera Approved by: so Security: FreeBSD-EN-18:11.listen Security: CVE-2018-6925 
Reported by:	Jakub Jirasek, Secunia Research at Flexera
Approved by:	so
Security:	FreeBSD-EN-18:11.listen
Security:	CVE-2018-6925
Fix improper elf header parsing. [SA-18:12.elf] 2018-09-12T05:07:35+00:00 Gordon Tetlow gordon@FreeBSD.org 2018-09-12T05:07:35+00:00 c8d12d526fa7245363c95c6901f5d82cf3da3631 Approved by: so Security: FreeBSD-SA-18:12.elf Security: CVE-2018-6924 
Approved by:	so
Security:	FreeBSD-SA-18:12.elf
Security:	CVE-2018-6924
Revis manual pages. [SA-18:08.tcp] 2018-08-15T02:31:10+00:00 Xin LI delphij@FreeBSD.org 2018-08-15T02:31:10+00:00 6104655a362dd3b385d5d38ba4c61d696a14d595 Fix unauthenticated EAPOL-Key decryption vulnerability. [SA-18:11.hostapd] Approved by: so 
Fix unauthenticated EAPOL-Key decryption vulnerability.
[SA-18:11.hostapd]

Approved by:	so
Bump patch level and document them. 2018-08-06T20:39:27+00:00 Xin LI delphij@FreeBSD.org 2018-08-06T20:39:27+00:00 f94841ff4608f5725022d9f81b85befc01465b4f Approved by: so 
Approved by:	so
Address concerns about CPU usage while doing TCP reassembly. 2018-08-06T17:50:40+00:00 Jonathan T. Looney jtl@FreeBSD.org 2018-08-06T17:50:40+00:00 78c107a5b17915a74805b8fe312c752db6d59283 Currently, the per-queue limit is a function of the receive buffer size and the MSS. In certain cases (such as connections with large receive buffers), the per-queue segment limit can be quite large. Because we process segments as a linked list, large queues may not perform acceptably. The better long-term solution is to make the queue more efficient. But, in the short-term, we can provide a way for a system administrator to set the maximum queue size. We set the default queue limit to 100. This is an effort to balance performance with a sane resource limit. Depending on their environment, goals, etc., an administrator may choose to modify this limit in either direction. Approved by: so Security: FreeBSD-SA-18:08.tcp Security: CVE-2018-6922 
Currently, the per-queue limit is a function of the receive buffer
size and the MSS.  In certain cases (such as connections with large
receive buffers), the per-queue segment limit can be quite large.
Because we process segments as a linked list, large queues may not
perform acceptably.

The better long-term solution is to make the queue more efficient.
But, in the short-term, we can provide a way for a system
administrator to set the maximum queue size.

We set the default queue limit to 100.  This is an effort to balance
performance with a sane resource limit.  Depending on their
environment, goals, etc., an administrator may choose to modify this
limit in either direction.

Approved by:	so
Security:	FreeBSD-SA-18:08.tcp
Security:	CVE-2018-6922
Fix multiple small kernel memory disclosures. [EN-18:05.mem] 2018-05-08T17:14:54+00:00 Gordon Tetlow gordon@FreeBSD.org 2018-05-08T17:14:54+00:00 55465f551ca4bc3f03f68d46df387f589f37665b Approved by: so Security: CVE-2018-6920 Security: CVE-2018-6921 Security: FreeBSD-EN-18:05.mem 
Approved by:	so
Security:	CVE-2018-6920
Security:	CVE-2018-6921
Security:	FreeBSD-EN-18:05.mem
Fix mishandling of x86 debug exceptions. [SA-18:06.debugreg] 2018-05-08T17:12:10+00:00 Gordon Tetlow gordon@FreeBSD.org 2018-05-08T17:12:10+00:00 c3a9e994d6f63dbfe694be6cad89930608218d71 Bump newvers.sh and UPDATING for today's patches. Approved by: so Security: CVE-2018-8897 Security: FreeBSD-SA-18:06.debugreg Sponsored by: The FreeBSD Foundation 
Bump newvers.sh and UPDATING for today's patches.

Approved by:	so
Security:	CVE-2018-8897
Security:	FreeBSD-SA-18:06.debugreg
Sponsored by:	The FreeBSD Foundation
Fix multiple small kernel memory disclosures. [EN-18:04.mem] 2018-04-04T05:43:03+00:00 Gordon Tetlow gordon@FreeBSD.org 2018-04-04T05:43:03+00:00 a90b7959a3ad6a9eb58bffe1148ed4074c11b016 Reported by: Ilja van Sprundel Approved by: so Security: CVE-2018-6919 Security: FreeBSD-EN-18:04.mem 
Reported by:	Ilja van Sprundel
Approved by:	so
Security:	CVE-2018-6919
Security:	FreeBSD-EN-18:04.mem
Fix ipsec crash or denial of service. [SA-18:05.ipsec] 2018-04-04T05:37:52+00:00 Gordon Tetlow gordon@FreeBSD.org 2018-04-04T05:37:52+00:00 70ef2c034c3449a49e5ed2f3a7900a729d423414 Reported by: Maxime Villard Approved by: so Security: CVE-2018-6918 Security: FreeBSD-SA-18:05.ipsec 
Reported by:	Maxime Villard
Approved by:	so
Security:	CVE-2018-6918
Security:	FreeBSD-SA-18:05.ipsec