![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www|
Return to plus.html CVS log | Up to [local] / www |
| version 1.859, 2003/02/22 23:52:02 | version 1.860, 2003/02/22 23:59:25 | ||
|---|---|---|---|
|
|
||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rejects non-existent interfaces in rules using dynamic interface syntax. | <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rejects non-existent interfaces in rules using dynamic interface syntax. | ||
| <li>Move /var/at files into /var/cron since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> is now a part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>. | <li>Move /var/at files into /var/cron since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> is now a part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>. | ||
| <li>Fix support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> syntax (if)/24 (dynamic interface name translation with a network prefix.) | <li>Fix support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> syntax (if)/24 (dynamic interface name translation with a network prefix.) | ||
| <li><font color="#e00000"><strong>SECURITY FIX: February 22, 2003: In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation even if incorrrect block cipher padding has been found, this is a countermeasure. Also, check for negative sizes in memory allocation routines.</strong></font><br> | |||
| <li><font color="#e00000"><strong>SECURITY FIX: February 22, 2003: In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This fix is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078). Also, check for negative sizes in memory allocation routines.</strong></font><br> | |||
| <a href="errata.html#ssl">A source code patch is available</a>.<br> | <a href="errata.html#ssl">A source code patch is available</a>.<br> | ||
| <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> | <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> | ||
| <li>Add a counter for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> showing how often <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a> was skipped because the packet size was below the compression threshold. | <li>Add a counter for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> showing how often <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a> was skipped because the packet size was below the compression threshold. |