-027: SECURITY FIX: March 31, 2003
+027: SECURITY FIX: March 31, 2003All architectures
A buffer overflow in the address parsing in
sendmail(8)
@@ -96,7 +94,7 @@
A source code patch exists which remedies this problem.
-026: SECURITY FIX: March 24, 2003
+026: SECURITY FIX: March 24, 2003All architectures
The cryptographic weaknesses in the Kerberos v4 protocol can be exploited
on Kerberos v5 as well.
@@ -105,16 +103,16 @@
A source code patch exists which remedies this problem.
-025: SECURITY FIX: March 19, 2003
+025: SECURITY FIX: March 19, 2003All architectures
-OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack designed
+OpenSSL is vulnerable to an extension of the "Bleichenbacher" attack designed
by Czech researchers Klima, Pokorny and Rosa.
A source code patch exists which remedies this problem.
-024: SECURITY FIX: March 18, 2003
+024: SECURITY FIX: March 18, 2003All architectures
Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
@@ -122,7 +120,7 @@
A source code patch exists which remedies this problem.
-023: SECURITY FIX: March 5, 2003
+023: SECURITY FIX: March 5, 2003All architectures
A fix for an
lprm(1)
@@ -132,7 +130,7 @@
A source code patch exists which remedies this problem.
-022: SECURITY FIX: March 3, 2003
+022: SECURITY FIX: March 3, 2003All architectures
A buffer overflow in the envelope comments processing in
sendmail(8)
@@ -141,7 +139,7 @@
A source code patch exists which remedies this problem.
-021: SECURITY FIX: February 23, 2003
+021: SECURITY FIX: February 23, 2003All architectures
In
ssl(8) an information leak can occur via timing by performing a MAC computation
@@ -151,7 +149,7 @@
A source code patch exists which fixes these two issues.
-020: SECURITY FIX: January 20, 2003
+020: SECURITY FIX: January 20, 2003All architectures
A double free in
cvs(1)
@@ -164,7 +162,7 @@
A source code patch exists which remedies this problem.
-019: SECURITY FIX: November 14, 2002
+019: SECURITY FIX: November 14, 2002All architectures
A buffer overflow in
named(8)
@@ -175,7 +173,7 @@
A source code patch exists which remedies this problem.
-018: SECURITY FIX: November 6, 2002
+018: SECURITY FIX: November 6, 2002All architectures
Incorrect argument checking in the
getrlimit(2)
@@ -184,7 +182,7 @@
A source code patch exists which remedies this problem.
-017: SECURITY FIX: November 6, 2002
+017: SECURITY FIX: November 6, 2002All architectures
An attacker can bypass the restrictions imposed by sendmail's restricted shell,
smrsh(8),
@@ -193,7 +191,7 @@
A source code patch exists which remedies this problem.
-016: SECURITY FIX: October 21, 2002
+016: SECURITY FIX: October 21, 2002All architectures
A buffer overflow can occur in the
kadmind(8)
@@ -202,7 +200,7 @@
A source code patch exists which remedies this problem.
-015: SECURITY FIX: October 2, 2002
+015: SECURITY FIX: October 2, 2002All architectures
Incorrect argument checking in the
setitimer(2) system call may allow an attacker to write to kernel memory.
@@ -210,7 +208,7 @@
A source code patch exists which remedies this problem.
-014: SECURITY FIX: August 11, 2002
+014: SECURITY FIX: August 11, 2002All architectures
An insufficient boundary check in the
select(2)
@@ -220,7 +218,7 @@
A source code patch exists which remedies this problem.
-013: SECURITY FIX: July 30, 2002
+013: SECURITY FIX: July 30, 2002All architectures
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the
ssl(8)
@@ -233,7 +231,7 @@
This is the second version of the patch.
-012: SECURITY FIX: July 29, 2002
+012: SECURITY FIX: July 29, 2002All architectures
A buffer overflow can occur in the
xdr_array(3)
@@ -244,7 +242,7 @@
This is the second version of the patch.
-011: SECURITY FIX: July 29, 2002
+011: SECURITY FIX: July 29, 2002All architectures
A race condition exists in the
pppd(8)
@@ -253,7 +251,7 @@
A source code patch exists which remedies this problem.
-010: RELIABILITY FIX: July 5, 2002
+010: RELIABILITY FIX: July 5, 2002All architectures
Receiving IKE payloads out of sequence can cause
isakmpd(8) to crash.
@@ -263,14 +261,14 @@
This is the second version of the patch.
-008: SECURITY FIX: June 26, 2002
+008: SECURITY FIX: June 26, 2002All architectures
A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
module, leading to possible remote crash or exploit.
@@ -278,14 +276,14 @@
A source code patch exists which remedies this problem.
-006: SECURITY FIX: June 24, 2002
+006: SECURITY FIX: June 24, 2002All architectures
All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation
error that can result in an integer overflow and privilege escalation.
@@ -294,7 +292,7 @@
security advisory.
-005: SECURITY FIX: June 19, 2002
+005: SECURITY FIX: June 19, 2002All architectures
A buffer overflow can occur during the interpretation of chunked
encoding in the http daemon, leading to possible remote crash or exploit.
@@ -302,7 +300,7 @@
A source code patch exists which remedies this problem.
-004: SECURITY FIX: May 22, 2002
+004: SECURITY FIX: May 22, 2002All architectures
Under certain conditions, on systems using YP with netgroups in the
password database, it is possible that
@@ -315,7 +313,7 @@
A source code patch exists which remedies this problem.
-003: SECURITY FIX: May 8, 2002
+003: SECURITY FIX: May 8, 2002All architectures
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
@@ -324,14 +322,14 @@
A source code patch exists which remedies this problem.
-001: SECURITY FIX: April 22, 2002
+001: SECURITY FIX: April 22, 2002All architectures
A local user can gain super-user privileges due to a buffer overflow
in sshd(8)
@@ -346,6 +344,3 @@