www/errata30.html - diff

Return to errata30.html CVS log

Up to [local] / www

Diff for /www/errata30.html between version 1.23 and 1.24

-version 1.23, 2002/07/12 07:41:58
+version 1.24, 2002/07/30 13:42:54
 Line 49
 Line 49
 Line 49
  <a name=all></a>
  <li><h3><font color=#e00000>All architectures</font></h3>
  <ul>
+ <a name=ssl></a>
+ <li><font color=#009000><strong>030: SECURITY FIX: July 30, 2002</strong></font><br>
+ Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&amp;sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&amp;sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable.
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/030_ssl.patch">A source code patch exists which remedies the problem</a>.
+ <a name=xdr></a>
+ <li><font color=#009000><strong>029: SECURITY FIX: July 29, 2002</strong></font><br>
+ A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&amp;sektion=3">xdr_array(3)</a> RPC code, leading to possible remote crash.<br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/029_xdr.patch">A source code patch exists which remedies the problem</a>.
+ <a name=pppd></a>
+ <li><font color=#009000><strong>028: SECURITY FIX: July 29, 2002</strong></font><br>
+ A race condition exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&amp;sektion=8">pppd(8)</a> daemon which may cause it to alter the file permissions of an arbitrary file.<br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/028_pppd.patch">A source code patch exists which remedies the problem</a>.
  <a name=isakmpd2></a>
  <li><font color=#009000><strong>027: RELIABILITY FIX: July 5, 2002</strong></font><br>
  Receiving IKE payloads out of sequence can cause