version 1.22, 2002/04/16 18:33:07 |
version 1.23, 2002/04/17 07:21:06 |
|
|
<p> |
<p> |
<a name=ipf_frag></a> |
<a name=ipf_frag></a> |
<li><font color=#009000><strong>027: SECURITY FIX: Apr 23, 2001</strong></font><br> |
<li><font color=#009000><strong>027: SECURITY FIX: Apr 23, 2001</strong></font><br> |
IPF has a serious problem with fragment cacheing, the bug is triggered if you use the ipf(5) syntax "keep state".<br> |
IPF has a serious problem with fragment caching, the bug is triggered if you use the ipf(5) syntax "keep state".<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/027_ipf-frag.patch">A source code patch exists which remedies the problem.</a><br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/027_ipf-frag.patch">A source code patch exists which remedies the problem.</a><br> |
<p> |
<p> |
<a name=glob_limit></a> |
<a name=glob_limit></a> |
|
|
<p> |
<p> |
<a name=rijndael> </a> |
<a name=rijndael> </a> |
<li><font color=#009000><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font><br> |
<li><font color=#009000><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font><br> |
First off, AES (rijndael) encryption and decryption were broken for IPsec |
First off, AES (Rijndael) encryption and decryption were broken for IPsec |
and swap encryption.<br> |
and swap encryption.<br> |
Secondly, the AES code did not work properly on big endian machines.<br> |
Secondly, the AES code did not work properly on big endian machines.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch"> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch"> |