version 1.61, 2017/03/28 04:04:52 |
version 1.62, 2017/03/28 06:41:18 |
|
|
|
|
<ul> |
<ul> |
|
|
<li id="017_openssl"> |
<li id="p017_openssl"> |
<font color="#009000"><strong>017: SECURITY FIX: October 10, 2007</strong></font> |
<font color="#009000"><strong>017: SECURITY FIX: October 10, 2007</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow. |
The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
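Review bot: The rename on the `<li>` line from `id="017_openssl"` to `id="p017_openssl"` removes the old fragment, so a link to `#017_openssl` no longer lands on this entry, and the same applies to every other entry renamed this way in the revision. If other pages link to these entries by fragment, keep the old name reachable next to the new id, for example with an empty `<a name="017_openssl"></a>` inside the item, or say in the commit message that breaking the old fragments is intended.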
|
|
<li id="016_dhcpd"> |
<li id="p016_dhcpd"> |
<font color="#009000"><strong>016: SECURITY FIX: October 8, 2007</strong></font> |
<font color="#009000"><strong>016: SECURITY FIX: October 8, 2007</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Malicious DHCP clients could cause dhcpd(8) to corrupt its stack<br> |
Malicious DHCP clients could cause dhcpd(8) to corrupt its stack<br> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="015_file"> |
<li id="p015_file"> |
<font color="#009000"><strong>015: SECURITY FIX: July 9, 2007</strong></font> |
<font color="#009000"><strong>015: SECURITY FIX: July 9, 2007</strong></font> |
<i>All Architectures</i><br> |
<i>All Architectures</i><br> |
Fix possible heap overflow in file(1), aka CVE-2007-1536.<br> |
Fix possible heap overflow in file(1), aka CVE-2007-1536.<br> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="014_xorg"> |
<li id="p014_xorg"> |
<font color="#009000"><strong>014: STABILITY FIX: May 9, 2007</strong></font> |
<font color="#009000"><strong>014: STABILITY FIX: May 9, 2007</strong></font> |
<i>All Architectures</i><br> |
<i>All Architectures</i><br> |
A malicious client can cause a division by zero.<br> |
A malicious client can cause a division by zero.<br> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="013_altivec"> |
<li id="p013_altivec"> |
<font color="#009000"><strong>013: STABILITY FIX: April 26, 2007</strong></font> |
<font color="#009000"><strong>013: STABILITY FIX: April 26, 2007</strong></font> |
<i>PowerPC</i><br> |
<i>PowerPC</i><br> |
An unhandled AltiVec assist exception can cause a kernel panic.<br> |
An unhandled AltiVec assist exception can cause a kernel panic.<br> |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="012_route6"> |
<li id="p012_route6"> |
<font color="#009000"><strong>012: SECURITY FIX: April 23, 2007</strong></font> |
<font color="#009000"><strong>012: SECURITY FIX: April 23, 2007</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
IPv6 type 0 route headers can be used to mount a DoS attack against |
IPv6 type 0 route headers can be used to mount a DoS attack against |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
<li id="011_xorg"> |
<li id="p011_xorg"> |
<font color="#009000"><strong>011: SECURITY FIX: April 4, 2007</strong></font> |
<font color="#009000"><strong>011: SECURITY FIX: April 4, 2007</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Multiple vulnerabilities have been discovered in X.Org.<br> |
Multiple vulnerabilities have been discovered in X.Org.<br> |
|
|
<strong>2nd revision, March 17, 2007</strong><br> |
<strong>2nd revision, March 17, 2007</strong><br> |
Incorrect mbuf handling for ICMP6 packets.<br> |
Incorrect mbuf handling for ICMP6 packets.<br> |
Using |
Using |
<a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> |
<a href="http://man.openbsd.org/OpenBSD-4.0/pf.4">pf(4)</a> |
to avoid the problem packets is an effective workaround until the patch |
to avoid the problem packets is an effective workaround until the patch |
can be installed.<br> |
can be installed.<br> |
Use "block in inet6" in /etc/pf.conf |
Use "block in inet6" in /etc/pf.conf |
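Review bot: The rewritten `href` on the pf(4) line still uses `http://`, as do the other man-page links changed in this revision (vga(4), ld.so(1), arc(4), systrace(4), httpd(8)). Since these lines are being touched anyway, consider `https://man.openbsd.org/OpenBSD-4.0/pf.4` and likewise for the others, provided the host serves HTTPS, so that the manual page backing a security workaround is fetched over an authenticated channel.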
|
|
<font color="#009000"><strong>007: SECURITY FIX: January 3, 2007</strong></font> |
<font color="#009000"><strong>007: SECURITY FIX: January 3, 2007</strong></font> |
<i>i386 only</i><br> |
<i>i386 only</i><br> |
Insufficient validation in |
Insufficient validation in |
<a href="http://man.openbsd.org/?query=vga&sektion=4">vga(4)</a> |
<a href="http://man.openbsd.org/OpenBSD-4.0/vga.4">vga(4)</a> |
may allow an attacker to gain root privileges if the kernel is compiled with |
may allow an attacker to gain root privileges if the kernel is compiled with |
<tt>option PCIAGP</tt> |
<tt>option PCIAGP</tt> |
and the actual device is not an AGP device. |
and the actual device is not an AGP device. |
|
|
<font color="#009000"><strong>005: SECURITY FIX: November 19, 2006</strong></font> |
<font color="#009000"><strong>005: SECURITY FIX: November 19, 2006</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The ELF |
The ELF |
<a href="http://man.openbsd.org/?query=ld.so&sektion=1">ld.so(1)</a> |
<a href="http://man.openbsd.org/OpenBSD-4.0/ld.so.1">ld.so(1)</a> |
fails to properly sanitize the environment. There is a potential localhost security |
fails to properly sanitize the environment. There is a potential localhost security |
problem in cases we have not found yet. This patch applies to all ELF-based |
problem in cases we have not found yet. This patch applies to all ELF-based |
systems (m68k, m88k, and vax are a.out-based systems). |
systems (m68k, m88k, and vax are a.out-based systems). |
|
|
<font color="#009000"><strong>004: RELIABILITY FIX: November 7, 2006</strong></font> |
<font color="#009000"><strong>004: RELIABILITY FIX: November 7, 2006</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Due to a bug in the |
Due to a bug in the |
<a href="http://man.openbsd.org/?query=arc&sektion=4">arc(4)</a> |
<a href="http://man.openbsd.org/OpenBSD-4.0/arc.4">arc(4)</a> |
RAID driver the driver will not properly synchronize the cache to the logical volumes |
RAID driver the driver will not properly synchronize the cache to the logical volumes |
upon system shut down. The result being that the mounted file systems within the logical |
upon system shut down. The result being that the mounted file systems within the logical |
volumes will not be properly marked as being clean and fsck will be run for the subsequent |
volumes will not be properly marked as being clean and fsck will be run for the subsequent |
|
|
<font color="#009000"><strong>003: SECURITY FIX: November 4, 2006</strong></font> |
<font color="#009000"><strong>003: SECURITY FIX: November 4, 2006</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Fix for an integer overflow in |
Fix for an integer overflow in |
<a href="http://man.openbsd.org/?query=systrace&sektion=4">systrace(4)</a>'s |
<a href="http://man.openbsd.org/OpenBSD-4.0/systrace.4">systrace(4)</a>'s |
STRIOCREPLACE support, found by |
STRIOCREPLACE support, found by |
Chris Evans. This could be exploited for DoS, limited kmem reads or local |
Chris Evans. This could be exploited for DoS, limited kmem reads or local |
privilege escalation. |
privilege escalation. |
|
|
<li id="httpd"> |
<li id="httpd"> |
<font color="#009000"><strong>001: SECURITY FIX: November 4, 2006</strong></font> |
<font color="#009000"><strong>001: SECURITY FIX: November 4, 2006</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
<a href="http://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a> |
<a href="http://man.openbsd.org/OpenBSD-4.0/httpd.8">httpd(8)</a> |
does not sanitize the Expect header from an HTTP request when it is |
does not sanitize the Expect header from an HTTP request when it is |
reflected back in an error message, which might allow cross-site scripting (XSS) |
reflected back in an error message, which might allow cross-site scripting (XSS) |
style attacks. |
style attacks. |
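Review bot: The `<li id="httpd">` line is identical on both sides, while the other visible entries move from `NNN_name` to `pNNN_name`, and this id carries no errata number at all. If the revision is meant to give the list a uniform id scheme, `p001_httpd` would match the rest; if `httpd` is kept on purpose so existing links keep working, an HTML comment next to it saying so would help the next editor.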