www/plus48.html - diff

Return to plus48.html CVS log

Up to [local] / www

Diff for /www/plus48.html between version 1.8 and 1.9

version 1.8, 2010/11/27 19:51:44

version 1.9, 2011/01/13 19:44:22

Line 67

<ul>

<li>RELIABILITY FIX: Bring CBC oracle attack countermeasures to hardware crypto accelerator land. This fixes aes-ni, via xcrypt and various drivers: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glxsb&arch=i386&sektion=4">glxsb(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=safe&sektion=4">safe(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.

<a href="errata48.html#006_cbc">A source code patch is available</a>.

<a href="stable.html">[Applied to stable]</a>

<li>SECURITY FIX: Insufficent initialization of the pf rule structure in the ioctl handler may allow userland to modify kernel memory. By default root privileges are needed to add or modify pf rules.

<a href="errata48.html#005_pf">A source code patch is available</a>.

<a href="stable.html">[Applied to stable]</a>

<li>RELIABILITY FIX: Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded and use OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are not affected.

<a href="errata48.html#004_openssl">A source code patch is available</a>.