===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.858
retrieving revision 1.859
diff -u -r1.858 -r1.859
--- www/plus.html 2003/02/20 22:47:50 1.858
+++ www/plus.html 2003/02/22 23:52:02 1.859
@@ -59,7 +59,10 @@
pfctl(8) rejects non-existent interfaces in rules using dynamic interface syntax.
Move /var/at files into /var/cron since at(1) is now a part of cron(8).
Fix support for pf(4) syntax (if)/24 (dynamic interface name translation with a network prefix.)
-Pull in from OpenSSL 0.9.7a a fix for a timing-based attack against CBC (assigned CAN-2003-0078.)
+
+SECURITY FIX: February 22, 2003: In ssl(8) an information leak can occur via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This fix is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078). Also, check for negative sizes in memory allocation routines.
+ A source code patch is available.
+ [Applied to stable]
Add a counter for netstat(1) showing how often ipcomp(4) was skipped because the packet size was below the compression threshold.
Fix a buffer overflow in pfctl(8) on 64-bit platforms.
Stability updates to vr(4).
@@ -94,6 +97,7 @@
When outputting raw IP and generating the header manually, make sure the packet is large enough for a full IP header.
Fix an mbuf leak in IPv6 TCP.
+ [Applied to stable]
Now that pf(4) tables spring into existence on demand, remove the unnecessary '-T create' option.
Have arc4random(3) stir the pool when the caller's pid changes.
Add 'scrub in all no-df' to the initial pf.conf(5) installed by /etc/rc. This helps diskless booters using Linux NFS servers.
@@ -905,7 +909,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.858 2003/02/20 22:47:50 deraadt Exp $
+
$OpenBSD: plus.html,v 1.859 2003/02/22 23:52:02 margarida Exp $