-015: SECURITY FIX: October 12, 2006 All architectures
-Fix 2 security bugs found in OpenSSH. A pre-authentication denial of service (found
-by Tavis Ormandy) that would cause sshd(8) to spin until the login grace time expired.
-An unsafe signal handler (found by Mark Dowd) that is vulnerable to a race condition
-that could be exploited to perform a pre-authentication denial of service.
-CVE-2006-4924, CVE-2006-5051
-
-
-A source code patch exists which remedies this problem.
-
-
-
-014: SECURITY FIX: October 7, 2006 All architectures
-Fix for an integer overflow in systrace(4)'s STRIOCREPLACE support, found by
-Chris Evans. This could be exploited for DoS, limited kmem reads or local
-privilege escalation.
-
-
-A source code patch exists which remedies this problem.
-
-
-
-013: SECURITY FIX: October 7, 2006 All architectures
-Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
-structures an error condition is mishandled, possibly resulting in an infinite
-loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
-pointer may be dereferenced in the SSL version 2 client code. In addition, many
-applications using OpenSSL do not perform any validation of the lengths of
-public keys being used.
-CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-2940
-
-
-A source code patch exists which remedies this problem.
-
-011: SECURITY FIX: September 8, 2006 All architectures
-Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for
-an attacker to construct an invalid signature which OpenSSL would accept as a
-valid PKCS#1 v1.5 signature.
-CVE-2006-4339
-
-
-A source code patch exists which remedies this problem.
-
-
-
-010: SECURITY FIX: September 8, 2006 All architectures
-Two Denial of Service issues have been found with BIND.
-An attacker who can perform recursive lookups on a DNS server and is able
-to send a sufficiently large number of recursive queries, or is able to
-get the DNS server to return more than one SIG(covered) RRset, can stop
-the functionality of the DNS service.
-An attacker querying an authoritative DNS server serving an RFC 2535
-DNSSEC zone may be able to crash the DNS server.
-CVE-2006-4095, CVE-2006-4096
-
-
-A source code patch exists which remedies this problem.
-
-
-
-009: SECURITY FIX: September 2, 2006 All architectures
-Due to the failure to correctly validate LCP configuration option lengths,
-it is possible for an attacker to send LCP packets via an sppp(4)
-connection causing the kernel to panic.
-CVE-2006-4304
-
-
-A source code patch exists which remedies this problem.
-
-
-
-008: SECURITY FIX: August 25, 2006 All architectures
-A problem in isakmpd(8) caused IPsec to run partly without replay protection. If
-isakmpd(8) was acting as responder during SA negotiation, SAs with a replay window
-of size 0 were created. An attacker could reinject sniffed IPsec packets, which will
-be accepted without checking the replay counter.
-
-
-A source code patch exists which remedies this problem.
-
-
-
-007: SECURITY FIX: August 25, 2006 All architectures
-It is possible to cause the kernel to panic when more than the default number of
-semaphores have been allocated.
-
-
-A source code patch exists which remedies this problem.
-
-005: SECURITY FIX: August 25, 2006 All architectures
-A potential denial of service problem has been found in sendmail. A message
-with really long header lines could trigger a use-after-free bug causing
-sendmail to crash.
-
-
-A source code patch exists which remedies this problem.
-
-
-
-004: SECURITY FIX: July 30, 2006 All architectures
-httpd(8)'s mod_rewrite has a potentially exploitable off-by-one buffer overflow.
-The buffer overflow may result in a vulnerability which, in combination
-with certain types of Rewrite rules in the web server configuration files,
-could be triggered remotely. The default install is not affected by the
-buffer overflow.
-CVE-2006-3747
-
-
-A source code patch exists which remedies this problem.
-
-
-
-003: SECURITY FIX: June 15, 2006 All architectures
-A potential denial of service problem has been found in sendmail. A malformed MIME
-message could trigger excessive recursion which will lead to stack exhaustion.
-This denial of service attack only affects delivery of mail from the queue and
-delivery of a malformed message. Other incoming mail is still accepted and
-delivered. However, mail messages in the queue may not be reattempted if a
-malformed MIME message exists.
-
-
-A source code patch exists which remedies this problem.
-
-
-
-002: SECURITY FIX: May 2, 2006 All architectures
-A security vulnerability has been found in the X.Org server: CVE-2006-1526.
-Clients authorized to connect to the X server are able to crash it and to execute
-malicious code within the X server.
-
-
-A source code patch exists which remedies this problem.
-
-
-
-001: SECURITY FIX: March 25, 2006 All architectures
-A race condition has been reported to exist in the handling by sendmail of
-asynchronous signals. A remote attacker may be able to execute arbitrary code with the
-privileges of the user running sendmail, typically root. This is the second revision of
-this patch.
-
-
-A source code patch exists which remedies this problem.
-