| version 1.410, 2002/07/30 13:42:53 |
version 1.411, 2002/07/30 13:47:24 |
|
|
| <li><font color=#009000><strong>013: SECURITY FIX: July 30, 2002</strong></font><br> |
<li><font color=#009000><strong>013: SECURITY FIX: July 30, 2002</strong></font><br> |
| Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable. |
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable. |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/013_ssl.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/013_ssl.patch">A source code patch exists which remedies the problem</a>. |
| |
<p> |
| <a name=xdr></a> |
<a name=xdr></a> |
| <li><font color=#009000><strong>012: SECURITY FIX: July 29, 2002</strong></font><br> |
<li><font color=#009000><strong>012: SECURITY FIX: July 29, 2002</strong></font><br> |
| A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> RPC code, leading to possible remote crash.<br> |
A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> RPC code, leading to possible remote crash.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/012_xdr.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/012_xdr.patch">A source code patch exists which remedies the problem</a>. |
| |
<p> |
| <a name=pppd></a> |
<a name=pppd></a> |
| <li><font color=#009000><strong>011: SECURITY FIX: July 29, 2002</strong></font><br> |
<li><font color=#009000><strong>011: SECURITY FIX: July 29, 2002</strong></font><br> |
| A race condition exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a> daemon which may cause it to alter the file permissions of an arbitrary file.<br> |
A race condition exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a> daemon which may cause it to alter the file permissions of an arbitrary file.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/011_pppd.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/011_pppd.patch">A source code patch exists which remedies the problem</a>. |
| |
<p> |
| <a name=isakmpd></a> |
<a name=isakmpd></a> |
| <li><font color=#009000><strong>010: RELIABILITY FIX: July 5, 2002</strong></font><br> |
<li><font color=#009000><strong>010: RELIABILITY FIX: July 5, 2002</strong></font><br> |
| Receiving IKE payloads out of sequence can cause |
Receiving IKE payloads out of sequence can cause |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www