![[BACK]](/icons/back.gif){kind=icon}
Return to errata32.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www|
Return to errata32.html CVS log | Up to [local] / www |
| version 1.13, 2003/10/04 16:53:48 | version 1.14, 2003/10/04 17:54:21 | ||
|---|---|---|---|
|
|
||
| The use of certain ASN.1 encodings or malformed public keys may allow an | The use of certain ASN.1 encodings or malformed public keys may allow an | ||
| attacker to mount a denial of service attack against applications linked with | attacker to mount a denial of service attack against applications linked with | ||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. | <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. | ||
| This does not affect OpenSSH. | This does not affect OpenSSH.<br> | ||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/020_asn1.patch">A source code patch exists which remedies the problem</a>.<br> | <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/020_asn1.patch">A source code patch exists which remedies the problem</a>.<br> | ||
| <p> | |||
| <a name=pfnorm></a> | <a name=pfnorm></a> | ||
| <li><font color="#009000"><strong>019: SECURITY FIX: September 24, 2003</strong></font><br> | <li><font color="#009000"><strong>019: SECURITY FIX: September 24, 2003</strong></font><br> | ||
| Three cases of potential access to freed memory have been found in | Three cases of potential access to freed memory have been found in | ||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=4">pf</a>. | <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. | ||
| At least one of them could be used to panic pf with active scrub rules remotely. | At least one of them could be used to panic pf with active scrub rules remotely.<br> | ||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/019_pfnorm.patch">A source code patch exists which remedies the problem</a>.<br> | <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/019_pfnorm.patch">A source code patch exists which remedies the problem</a>.<br> | ||
| <p> | |||
| <a name=sendmail4></a> | <a name=sendmail4></a> | ||
| <li><font color="#009000"><strong>018: SECURITY FIX: September 17, 2003</strong></font><br> | <li><font color="#009000"><strong>018: SECURITY FIX: September 17, 2003</strong></font><br> | ||
| A buffer overflow in the address parsing in | A buffer overflow in the address parsing in |