version 1.14, 2009/02/22 22:09:38 |
version 1.15, 2009/04/08 02:33:03 |
|
|
|
|
<ul> |
<ul> |
|
|
|
<li><a name="012_openssl"></a> |
|
<font color="#009000"><strong>012: RELIABILITY FIX: April 8, 2009</strong></font> <i>All architectures</i><br> |
|
The OpenSSL ASN.1 handling code could be forced to perform invalid memory |
|
accesses though the use of certain invalid strings |
|
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590">CVE-2009-0590</a>) |
|
or under certain error conditions triggerable by invalid ASN.1 structures |
|
(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789">CVE-2009-0789</a>). |
|
These vulnerabilities could be exploited to achieve a |
|
denial-of-service. A more detailed description of these problems is available |
|
in the |
|
<a href="http://www.openssl.org/news/secadv_20090325.txt">OpenSSL security advisory</a>, but note that the other issue described there "Incorrect Error |
|
Checking During CMS verification" relates to code not enabled in OpenBSD. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/012_openssl.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
<li><a name="011_sudo"></a> |
<li><a name="011_sudo"></a> |
<font color="#009000"><strong>011: SECURITY FIX: February 22, 2009</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>011: SECURITY FIX: February 22, 2009</strong></font> <i>All architectures</i><br> |
sudo(8) may allow a user listed in the sudoers file to run a command |
sudo(8) may allow a user listed in the sudoers file to run a command |
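Review bot: The added 012_openssl entry has a typo in its first sentence: "invalid memory accesses though the use of certain invalid strings" should read "through the use of". In the sentence that points to the OpenSSL security advisory, a comma after "the other issue described there" would set off the quoted title "Incorrect Error Checking During CMS verification" and make it clearer which part of the advisory does not apply to OpenBSD. The entry also ends on an open <p> directly before the next <li>; please confirm that this matches how the other entries in the file are closed.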