version 1.8, 2010/11/27 19:51:44 |
version 1.9, 2011/01/13 19:44:22 |
|
|
<p> |
<p> |
|
|
<ul> |
<ul> |
|
<!-- 2010/12/17 --> |
|
<li><font color="#e00000"><strong>RELIABILITY FIX: Bring CBC oracle attack countermeasures to hardware crypto accelerator land. This fixes aes-ni, via xcrypt and various drivers: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glxsb&arch=i386&sektion=4">glxsb(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=safe&sektion=4">safe(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.</strong></font><br> |
|
<a href="errata48.html#006_cbc">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
|
<li><font color="#e00000"><strong>SECURITY FIX: Insufficent initialization of the pf rule structure in the ioctl handler may allow userland to modify kernel memory. By default root privileges are needed to add or modify pf rules.</strong></font><br> |
|
<a href="errata48.html#005_pf">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<!-- 2010/11/17 --> |
<!-- 2010/11/17 --> |
<li><font color="#e00000"><strong>RELIABILITY FIX: Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded and use OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are not affected.</strong></font><br> |
<li><font color="#e00000"><strong>RELIABILITY FIX: Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded and use OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are not affected.</strong></font><br> |
<a href="errata48.html#004_openssl">A source code patch is available</a>.<br> |
<a href="errata48.html#004_openssl">A source code patch is available</a>.<br> |