| version 1.300, 2004/10/23 20:34:08 |
version 1.301, 2004/10/29 17:22:17 |
|
|
| <a href="#32">3.2</a>, |
<a href="#32">3.2</a>, |
| <a href="#33">3.3</a>, |
<a href="#33">3.3</a>, |
| <a href="#34">3.4</a>, |
<a href="#34">3.4</a>, |
| <a href="#35">3.5</a>. |
<a href="#35">3.5</a>, |
| |
<a href="#36">3.6</a>. |
| </td> |
</td> |
| </tr> |
</tr> |
| </table> |
</table> |
|
|
| <li><h3><font color="#e00000">Advisories</font></h3><p> |
<li><h3><font color="#e00000">Advisories</font></h3><p> |
| |
|
| <li> |
<li> |
| |
<a name="36"></a> |
| |
|
| |
<h3><font color="#e00000">OpenBSD 3.6 Security Advisories</font></h3> |
| |
These are the OpenBSD 3.6 advisories -- all these problems are solved |
| |
in <a href=anoncvs.html>OpenBSD current</a> and the |
| |
<a href=stable.html>patch branch</a>. |
| |
|
| |
<p> |
| |
There are no security advisories for OpenBSD 3.6 at the moment. |
| |
|
| |
<p> |
| |
<li> |
| <a name="35"></a> |
<a name="35"></a> |
| |
|
| <h3><font color="#e00000">OpenBSD 3.5 Security Advisories</font></h3> |
<h3><font color="#e00000">OpenBSD 3.5 Security Advisories</font></h3> |
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| <li><a href="errata.html#radius">Sep 20, 2004: |
<li><a href="errata35.html#radius">Sep 20, 2004: |
| Radius-based authentication is vulnerable to spoofed replies.</a> |
Radius-based authentication is vulnerable to spoofed replies.</a> |
| <li><a href="errata.html#xpm">Sep 16, 2004: |
<li><a href="errata35.html#xpm">Sep 16, 2004: |
| The Xpm library has vulnerabilities when parsing malicious images.</a> |
The Xpm library has vulnerabilities when parsing malicious images.</a> |
| <li><a href="errata.html#httpd2"> Sep 10, 2004: |
<li><a href="errata35.html#httpd2"> Sep 10, 2004: |
| httpd(8)'s mod_rewrite module can be made to write one zero byte in |
httpd(8)'s mod_rewrite module can be made to write one zero byte in |
| an arbitrary memory position outside of a char array, causing a DoS |
an arbitrary memory position outside of a char array, causing a DoS |
| or possibly buffer overflows.</a> |
or possibly buffer overflows.</a> |
| <li><a href="errata.html#httpd"> Jun 12, 2004: |
<li><a href="errata35.html#httpd"> Jun 12, 2004: |
| Multiple vulnerabilities have been found in httpd(8) / mod_ssl.</a> |
Multiple vulnerabilities have been found in httpd(8) / mod_ssl.</a> |
| <li><a href="errata.html#isakmpd"> Jun 10, 2004: |
<li><a href="errata35.html#isakmpd"> Jun 10, 2004: |
| isakmpd(8) still has issues with unauthorized SA deletion, |
isakmpd(8) still has issues with unauthorized SA deletion, |
| an attacker can delete IPsec tunnels at will.</a> |
an attacker can delete IPsec tunnels at will.</a> |
| <li><a href="errata.html#cvs3"> Jun 9, 2004: |
<li><a href="errata35.html#cvs3"> Jun 9, 2004: |
| Multiple remote vulnerabilities have been found in the cvs(1) |
Multiple remote vulnerabilities have been found in the cvs(1) |
| server which can be used by CVS clients to crash or execute |
server which can be used by CVS clients to crash or execute |
| arbitrary code on the server.</a> |
arbitrary code on the server.</a> |
| <li><a href="errata.html#kerberos"> May 30, 2004: |
<li><a href="errata35.html#kerberos"> May 30, 2004: |
| kdc(8) performs inadequate checking of request fields, leading |
kdc(8) performs inadequate checking of request fields, leading |
| to the possibility of principal impersonation from other |
to the possibility of principal impersonation from other |
| Kerberos realms if they are trusted with a cross-realm trust.</a> |
Kerberos realms if they are trusted with a cross-realm trust.</a> |
| <li><a href="errata.html#xdm"> May 26, 2004: |
<li><a href="errata35.html#xdm"> May 26, 2004: |
| xdm(1) ignores the requestPort resource and creates a |
xdm(1) ignores the requestPort resource and creates a |
| listening socket regardless of the setting in xdm-config.</a> |
listening socket regardless of the setting in xdm-config.</a> |
| <li><a href="errata.html#cvs2"> May 20, 2004: |
<li><a href="errata35.html#cvs2"> May 20, 2004: |
| A buffer overflow in the cvs(1) server has been found, |
A buffer overflow in the cvs(1) server has been found, |
| which can be used by CVS clients to execute arbitrary code on |
which can be used by CVS clients to execute arbitrary code on |
| the server.</a> |
the server.</a> |
| <li><a href="errata.html#procfs"> May 13, 2004: |
<li><a href="errata35.html#procfs"> May 13, 2004: |
| Integer overflow problems were found in procfs, allowing |
Integer overflow problems were found in procfs, allowing |
| reading of arbitrary kernel memory.</a> |
reading of arbitrary kernel memory.</a> |
| <li><a href="errata.html#cvs"> May 5, 2004: |
<li><a href="errata35.html#cvs"> May 5, 2004: |
| Pathname validation problems have been found in cvs(1), |
Pathname validation problems have been found in cvs(1), |
| allowing clients and servers access to files outside the |
allowing clients and servers access to files outside the |
| repository or local CVS tree.</a> |
repository or local CVS tree.</a> |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
| |
OpenBSD 3.4 and earlier releases are not supported anymore. The following |
| |
paragraphs only list advisories issued while they were maintained; these |
| |
releases are likely to be affected by the advisories for more recent releases. |
| |
<br> |
| |
|
| <li> |
<li> |
| <a name="34"></a> |
<a name="34"></a> |
| |
|
| <h3><font color="#e00000">OpenBSD 3.4 Security Advisories</font></h3> |
<h3><font color="#e00000">OpenBSD 3.4 Security Advisories</font></h3> |
| These are the OpenBSD 3.4 advisories -- all these problems are solved |
These are the OpenBSD 3.4 advisories -- all these problems are solved |
| in <a href="anoncvs.html">OpenBSD current</a> and the |
in <a href="anoncvs.html">OpenBSD current</a>. The |
| <a href="stable.html">patch branch</a>. |
<a href="stable.html">patch branch</a> for 3.4 is no longer being maintained, |
| |
you should update your machine. |
| <p> |
<p> |
| <ul> |
<ul> |
| <li><a href="errata34.html#xpm">Sep 16, 2004: |
<li><a href="errata34.html#xpm">Sep 16, 2004: |
|
|
| allow an attacker to mount a denial of service attack against |
allow an attacker to mount a denial of service attack against |
| applications linked with ssl(3).</a> |
applications linked with ssl(3).</a> |
| </ul> |
</ul> |
| |
|
| <p> |
|
| OpenBSD 3.3 and earlier releases are not supported anymore. The following |
|
| paragraphs only list advisories issued while they were maintained; these |
|
| releases are likely to be affected by the advisories for more recent releases. |
|
| <br> |
|
| |
|
| <li> |
<li> |
| <a name="33"></a> |
<a name="33"></a> |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www