K 10
svn:author
V 5
simon
K 8
svn:date
V 27
2005-06-29T21:46:15.000000Z
K 7
svn:log
V 771
Correct bzip2 denial of service and permission race vulnerabilities.

Obtained from:	Redhat, Steve Grubb via RedHat
Security:	CAN-2005-0953, CAN-2005-1260
Security:	FreeBSD-SA-05:14.bzip2
Approved by:	obrien

Correct TCP connection stall denial-of-service vulnerabilities.

MFC: rev 1.270 of tcp_input.c, rev 1.25 of tcp_seq.h by ps: When a TCP
packets containing a timestamp is received, inadequate checking of
sequence numbers is performed, allowing an attacker to artificially
increase the internal "recent" timestamp for a connection.

A TCP packets with the SYN flag set is accepted for established
connections, allowing an attacker to overwrite certain TCP options.

Security:	CAN-2005-0356, CAN-2005-2068
Security:	FreeBSD-SA-05:15.tcp

Approved by:	so (cperciva)

END