NetBSD 7.0.1 released with security/bugfix

The NetBSD Project is pleased to announce NetBSD 7.0.1 on May 28, 2016, the first security/bugfix update of the NetBSD 7.0 release branch. It represents a selected subset of fixes deemed important for security or stability reasons. If you are running an earlier release of NetBSD, we strongly suggest updating to 7.0.1.

Download & Install Gentoo Linux 20160514

The ISO images for 32bit & 64bit can be downloaded from the official web site download section.

Security fixes on NetBSD 7.0.1

  • NetBSD-SA2016-001 Multiple vulnerabilities in ntp daemon
  • NetBSD-SA2016-004 Multiple vulnerabilities in the compatibility layers
  • NetBSD-SA2016-005 bozohttpd CGI handlers potential remote code execution
  • BIND: Update to 9.10.3-P4.
  • expat: Fix CVE-2016-0718.
  • NTP: Update to 4.2.8p7.
  • OpenSSH: Fix CVE-2015-5352, CVE-2015-6565, CVE-2015-8325, and CVE-2016-0777.
  • OpenSSL: Update to 1.0.1t.
  • xen: Fix XSA155 (CVE-2015-8550).

Security fixes on NetBSD 7.0.1

  • Add to ssh_known_hosts.
  • Avoid “vnconfig -l” infinite loop with netbsd-6 or older userland.
  • Avoid a crash when mounting an ados file system.
  • Avoid a panic when unplugging a mounted umass(4) device. PR kern/50467.
  • Don’t leak garbage from the kernel stack on sleep(0) and equivalents.
  • Fix ARM1136 function selection. PR port-arm/50512.
, ,

Post navigation