===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus41.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -c -r1.4 -r1.5
*** www/plus41.html 2007/03/08 17:58:54 1.4
--- www/plus41.html 2007/03/13 01:44:49 1.5
***************
*** 921,927 ****
Various binutils and gcc(1) additions to handle 32-bit SuperH cpus.
In pf.conf(5), make 'flags S/SA keep state' the implicit default for filter rules.
! SECURITY FIX: Integer overflow in systrace(4)'s STRIOCREPLACE support. This could be exploited for DoS, limited kmem reads or local privilege escalation.
A source code patch is available.
[Applied to stable]
Update OpenSSH to 4.4.
Always allow read-only opens on (s)vnd devices, despite the type of the first open (svnd vs vnd).
--- 921,927 ----
Various binutils and gcc(1) additions to handle 32-bit SuperH cpus.
In pf.conf(5), make 'flags S/SA keep state' the implicit default for filter rules.
! SECURITY FIX: Integer overflow in systrace(4)'s STRIOCREPLACE support. This could be exploited for DoS, limited kmem reads or local privilege escalation.
A source code patch is available.
[Applied to stable]
Update OpenSSH to 4.4.
Always allow read-only opens on (s)vnd devices, despite the type of the first open (svnd vs vnd).
***************
*** 930,936 ****
Fix for write(1) to handle cases where the utmp file is missing.
Fixes for pci(4) where unit numbers do not match PCI Bus number.
SECURITY FIX: Several problems have been found in OpenSSL. While parsing certain invalid ASN.1 structures an error condition is mishandled, possibly resulting in an infinite loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL pointer may be dereferenced in the SSL version 2 client code. In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used.
! A source code patch is available.
[Applied to stable]
Use 64 bit daddr type for physical block numbers in the filesystem code.
--- 930,936 ----
Fix for write(1) to handle cases where the utmp file is missing.
Fixes for pci(4) where unit numbers do not match PCI Bus number.
SECURITY FIX: Several problems have been found in OpenSSL. While parsing certain invalid ASN.1 structures an error condition is mishandled, possibly resulting in an infinite loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL pointer may be dereferenced in the SSL version 2 client code. In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used.
! A source code patch is available.
[Applied to stable]
Use 64 bit daddr type for physical block numbers in the filesystem code.
***************
*** 1062,1068 ****
www@openbsd.org
!
$OpenBSD: plus41.html,v 1.4 2007/03/08 17:58:54 jasper Exp $