version 1.372, 2009/02/22 22:09:38 |
version 1.373, 2009/04/08 02:44:22 |
|
|
<li><h3><font color="#e00000">Advisories</font></h3><p> |
<li><h3><font color="#e00000">Advisories</font></h3><p> |
|
|
<li> |
<li> |
|
<a name="45"></a> |
|
|
|
<h3><font color="#e00000">OpenBSD 4.5 Security Advisories</font></h3> |
|
These are the OpenBSD 4.5 advisories -- all these problems are solved |
|
in <a href=anoncvs.html>OpenBSD current</a> and the |
|
<a href=stable.html>patch branch</a>. |
|
|
|
<p> |
|
<ul> |
|
<li><a href="errata45.html#001_openssl">April 8, 2009: |
|
OpenSSL's ASN.1 handling code could be forced to make invalid |
|
memory accesses by certain invalid strings or structures, allowing |
|
denial-of-service attacks.</a> |
|
</ul> |
|
|
|
<li> |
<a name="44"></a> |
<a name="44"></a> |
|
|
<h3><font color="#e00000">OpenBSD 4.4 Security Advisories</font></h3> |
<h3><font color="#e00000">OpenBSD 4.4 Security Advisories</font></h3> |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
|
<li><a href="errata44.html#012_openssl">April 8, 2009: |
|
OpenSSL's ASN.1 handling code could be forced to make invalid |
|
memory accesses by certain invalid strings or structures, allowing |
|
denial-of-service attacks.</a> |
<li><a href="errata44.html#011_sudo">February 22, 2009: |
<li><a href="errata44.html#011_sudo">February 22, 2009: |
sudo(8) may allow a user listed in sudoers to run a command |
sudo(8) may allow a user listed in sudoers to run a command |
as a different user than their access rule specifies when a Unix |
as a different user than their access rule specifies when a Unix |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
|
<li><a href="errata43.html#012_openssl">April 8, 2009: |
|
OpenSSL's ASN.1 handling code could be forced to make invalid |
|
memory accesses by certain invalid strings or structures, allowing |
|
denial-of-service attacks.</a> |
<li><a href="errata43.html#011_sudo">February 22, 2009: |
<li><a href="errata43.html#011_sudo">February 22, 2009: |
sudo(8) may allow a user listed in sudoers to run a command |
sudo(8) may allow a user listed in sudoers to run a command |
as a different user than their access rule specifies when a Unix |
as a different user than their access rule specifies when a Unix |