version 1.300, 2004/10/23 20:34:08 |
version 1.301, 2004/10/29 17:22:17 |
|
|
<a href="#32">3.2</a>, |
<a href="#32">3.2</a>, |
<a href="#33">3.3</a>, |
<a href="#33">3.3</a>, |
<a href="#34">3.4</a>, |
<a href="#34">3.4</a>, |
<a href="#35">3.5</a>. |
<a href="#35">3.5</a>, |
|
<a href="#36">3.6</a>. |
</td> |
</td> |
</tr> |
</tr> |
</table> |
</table> |
|
|
<li><h3><font color="#e00000">Advisories</font></h3><p> |
<li><h3><font color="#e00000">Advisories</font></h3><p> |
|
|
<li> |
<li> |
|
<a name="36"></a> |
|
|
|
<h3><font color="#e00000">OpenBSD 3.6 Security Advisories</font></h3> |
|
These are the OpenBSD 3.6 advisories -- all these problems are solved |
|
in <a href=anoncvs.html>OpenBSD current</a> and the |
|
<a href=stable.html>patch branch</a>. |
|
|
|
<p> |
|
There are no security advisories for OpenBSD 3.6 at the moment. |
|
|
|
<p> |
|
<li> |
<a name="35"></a> |
<a name="35"></a> |
|
|
<h3><font color="#e00000">OpenBSD 3.5 Security Advisories</font></h3> |
<h3><font color="#e00000">OpenBSD 3.5 Security Advisories</font></h3> |
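Review bot: The two links in the new 3.6 intro are written unquoted (href=anoncvs.html and href=stable.html), while the same links in the 3.4 block further down use href="anoncvs.html" and href="stable.html"; quote them to match the rest of the file. The intro line "all these problems are solved in OpenBSD current and the patch branch" also sits directly above "There are no security advisories for OpenBSD 3.6 at the moment", which reads as a contradiction; consider leaving the intro out until the first 3.6 advisory is listed.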
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
<li><a href="errata.html#radius">Sep 20, 2004: |
<li><a href="errata35.html#radius">Sep 20, 2004: |
Radius-based authentication is vulnerable to spoofed replies.</a> |
Radius-based authentication is vulnerable to spoofed replies.</a> |
<li><a href="errata.html#xpm">Sep 16, 2004: |
<li><a href="errata35.html#xpm">Sep 16, 2004: |
The Xpm library has vulnerabilities when parsing malicious images.</a> |
The Xpm library has vulnerabilities when parsing malicious images.</a> |
<li><a href="errata.html#httpd2"> Sep 10, 2004: |
<li><a href="errata35.html#httpd2"> Sep 10, 2004: |
httpd(8)'s mod_rewrite module can be made to write one zero byte in |
httpd(8)'s mod_rewrite module can be made to write one zero byte in |
an arbitrary memory position outside of a char array, causing a DoS |
an arbitrary memory position outside of a char array, causing a DoS |
or possibly buffer overflows.</a> |
or possibly buffer overflows.</a> |
<li><a href="errata.html#httpd"> Jun 12, 2004: |
<li><a href="errata35.html#httpd"> Jun 12, 2004: |
Multiple vulnerabilities have been found in httpd(8) / mod_ssl.</a> |
Multiple vulnerabilities have been found in httpd(8) / mod_ssl.</a> |
<li><a href="errata.html#isakmpd"> Jun 10, 2004: |
<li><a href="errata35.html#isakmpd"> Jun 10, 2004: |
isakmpd(8) still has issues with unauthorized SA deletion, |
isakmpd(8) still has issues with unauthorized SA deletion, |
an attacker can delete IPsec tunnels at will.</a> |
an attacker can delete IPsec tunnels at will.</a> |
<li><a href="errata.html#cvs3"> Jun 9, 2004: |
<li><a href="errata35.html#cvs3"> Jun 9, 2004: |
Multiple remote vulnerabilities have been found in the cvs(1) |
Multiple remote vulnerabilities have been found in the cvs(1) |
server which can be used by CVS clients to crash or execute |
server which can be used by CVS clients to crash or execute |
arbitrary code on the server.</a> |
arbitrary code on the server.</a> |
<li><a href="errata.html#kerberos"> May 30, 2004: |
<li><a href="errata35.html#kerberos"> May 30, 2004: |
kdc(8) performs inadequate checking of request fields, leading |
kdc(8) performs inadequate checking of request fields, leading |
to the possibility of principal impersonation from other |
to the possibility of principal impersonation from other |
Kerberos realms if they are trusted with a cross-realm trust.</a> |
Kerberos realms if they are trusted with a cross-realm trust.</a> |
<li><a href="errata.html#xdm"> May 26, 2004: |
<li><a href="errata35.html#xdm"> May 26, 2004: |
xdm(1) ignores the requestPort resource and creates a |
xdm(1) ignores the requestPort resource and creates a |
listening socket regardless of the setting in xdm-config.</a> |
listening socket regardless of the setting in xdm-config.</a> |
<li><a href="errata.html#cvs2"> May 20, 2004: |
<li><a href="errata35.html#cvs2"> May 20, 2004: |
A buffer overflow in the cvs(1) server has been found, |
A buffer overflow in the cvs(1) server has been found, |
which can be used by CVS clients to execute arbitrary code on |
which can be used by CVS clients to execute arbitrary code on |
the server.</a> |
the server.</a> |
<li><a href="errata.html#procfs"> May 13, 2004: |
<li><a href="errata35.html#procfs"> May 13, 2004: |
Integer overflow problems were found in procfs, allowing |
Integer overflow problems were found in procfs, allowing |
reading of arbitrary kernel memory.</a> |
reading of arbitrary kernel memory.</a> |
<li><a href="errata.html#cvs"> May 5, 2004: |
<li><a href="errata35.html#cvs"> May 5, 2004: |
Pathname validation problems have been found in cvs(1), |
Pathname validation problems have been found in cvs(1), |
allowing clients and servers access to files outside the |
allowing clients and servers access to files outside the |
repository or local CVS tree.</a> |
repository or local CVS tree.</a> |
</ul> |
</ul> |
|
|
<p> |
<p> |
|
OpenBSD 3.4 and earlier releases are not supported anymore. The following |
|
paragraphs only list advisories issued while they were maintained; these |
|
releases are likely to be affected by the advisories for more recent releases. |
|
<br> |
|
|
<li> |
<li> |
<a name="34"></a> |
<a name="34"></a> |
|
|
<h3><font color="#e00000">OpenBSD 3.4 Security Advisories</font></h3> |
<h3><font color="#e00000">OpenBSD 3.4 Security Advisories</font></h3> |
These are the OpenBSD 3.4 advisories -- all these problems are solved |
These are the OpenBSD 3.4 advisories -- all these problems are solved |
in <a href="anoncvs.html">OpenBSD current</a> and the |
in <a href="anoncvs.html">OpenBSD current</a>. The |
<a href="stable.html">patch branch</a>. |
<a href="stable.html">patch branch</a> for 3.4 is no longer being maintained, |
|
you should update your machine. |
<p> |
<p> |
<ul> |
<ul> |
<li><a href="errata34.html#xpm">Sep 16, 2004: |
<li><a href="errata34.html#xpm">Sep 16, 2004: |
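Review bot: In the reworded 3.4 intro, "for 3.4 is no longer being maintained, you should update your machine." is a comma splice and does not say what to update to. Split it into two sentences and name the target, for example a supported release, since the paragraph added just above already says that 3.4 and earlier are no longer supported and that these releases are likely affected by later advisories.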
|
|
allow an attacker to mount a denial of service attack against |
allow an attacker to mount a denial of service attack against |
applications linked with ssl(3).</a> |
applications linked with ssl(3).</a> |
</ul> |
</ul> |
|
|
<p> |
|
OpenBSD 3.3 and earlier releases are not supported anymore. The following |
|
paragraphs only list advisories issued while they were maintained; these |
|
releases are likely to be affected by the advisories for more recent releases. |
|
<br> |
|
|
|
<li> |
<li> |
<a name="33"></a> |
<a name="33"></a> |