NetBSD 5.0.1 is the first security/critical update of the NetBSD 5.0 release branch.
It represents a selected subset of fixes deemed critical in nature for security or stability reasons.
Security advisory fixes
- NetBSD-SA2009-004, NetBSD OpenPAM passwd(1) changing weakness.
- NetBSD-SA2009-005, Plaintext Recovery Attack Against SSH.
- NetBSD-SA2009-006, Buffer overflows in ntp.
- NetBSD-SA2009-007, Buffer overflows in hack(6).
- NetBSD-SA2009-008, OpenSSL ASN1 parsing denial of service and CMS signature verification weakness.
- NetBSD-SA2009-009, OpenSSL DTLS Memory Exhaustion and DSA signature verification vulnerabilities.
- NetBSD-SA2009-010, ISC dhclient subnet-mask flag stack overflow.
- NetBSD-SA2009-011, ISC DHCP server Denial of Service vulnerability.
- NetBSD-SA2009-012, SHA2 implementation potential buffer overflow.
- NetBSD-SA2009-013, BIND named dynamic update Denial of Service vulnerability.
Note: Advisories prior to NetBSD-SA2009-004 do not affect NetBSD 5.0.
- Fix random “filesystem full” messages on large FFS file systems.
- Fix a regression in the 4.4BSD scheduler, improving interactive performance under load.
- Remove a race where physio_done() may use memory already freed. Fixes PR kern/39536.
- Fix a crash observed when trying to load a corrupted ELF kernel module.
- Fix PR kern/41566, where writes on the controlling tty were not being awoken from blocks.
- Various fixes for POSIX message queues.
- Fix a possible deadlock in the VFS subsystem.
- Fixes for POSIX advisory locks.
- A number of other stability fixes.
- Follow exactly the recommendation of draft-ietf-tcpm-tcpsecure-11.txt: Don’t check gainst the last ack received, but the expected sequence number. This makes RST handling independent of delayed ACK.
- Fix a panic when trying to disable IPFilter before enabling it. Fixes PR kern/41364.
NetBSD 5.0.1 is available for download here.