www/errata.html - diff

Return to errata.html CVS log

Up to [local] / www

Diff for /www/errata.html between version 1.409 and 1.410

-version 1.409, 2002/07/17 19:26:10
+version 1.410, 2002/07/30 13:42:53
 Line 49
 Line 49
 Line 49
  <a name=all></a>
  <li><h3><font color=#e00000>All architectures</font></h3>
  <ul>
+ <a name=ssl></a>
+ <li><font color=#009000><strong>013: SECURITY FIX: July 30, 2002</strong></font><br>
+ Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&amp;sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&amp;sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable.
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/013_ssl.patch">A source code patch exists which remedies the problem</a>.
+ <a name=xdr></a>
+ <li><font color=#009000><strong>012: SECURITY FIX: July 29, 2002</strong></font><br>
+ A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&amp;sektion=3">xdr_array(3)</a> RPC code, leading to possible remote crash.<br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/012_xdr.patch">A source code patch exists which remedies the problem</a>.
+ <a name=pppd></a>
+ <li><font color=#009000><strong>011: SECURITY FIX: July 29, 2002</strong></font><br>
+ A race condition exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&amp;sektion=8">pppd(8)</a> daemon which may cause it to alter the file permissions of an arbitrary file.<br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/011_pppd.patch">A source code patch exists which remedies the problem</a>.
  <a name=isakmpd></a>
  <li><font color=#009000><strong>010: RELIABILITY FIX: July 5, 2002</strong></font><br>
  Receiving IKE payloads out of sequence can cause