| version 1.381, 2009/11/01 00:25:36 |
version 1.382, 2009/11/08 15:26:53 |
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| <li><a href="errata46.html#003_getsockopt">October 28, 2009: |
<li>None yet. |
| getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, |
|
| IP_ESP_NETWORK_LEVEL, IP_IPCOMP_LEVEL will crash the system.</a> |
|
| <li><a href="errata46.html#002_xmm">October 5, 2009: |
|
| XMM exceptions are not correctly handled resulting in a kernel panic.</a> |
|
| <li><a href="errata46.html#001_bind">July 29, 2009: |
|
| BIND's named could be made to crash with a specially crafted |
|
| dynamic update message to a zone for which the server is |
|
| master.</a> |
|
| </ul> |
</ul> |
| |
|
| |
<li> |
| <a name="45"></a> |
<a name="45"></a> |
| |
|
| <h3><font color="#e00000">OpenBSD 4.5 Security Advisories</font></h3> |
<h3><font color="#e00000">OpenBSD 4.5 Security Advisories</font></h3> |
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| <li><a href="errata45.html#009_getsockopt">October 28, 2009: |
<li>None yet. |
| getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, |
|
| IP_ESP_NETWORK_LEVEL, IP_IPCOMP_LEVEL will crash the system.</a> |
|
| <li><a href="errata45.html#008_xmm">October 5, 2009: |
|
| XMM exceptions are not correctly handled resulting in a kernel panic.</a> |
|
| <li><a href="errata45.html#007_bind">July 29, 2009: |
|
| BIND's named could be made to crash with a specially crafted |
|
| dynamic update message to a zone for which the server is |
|
| master.</a> |
|
| <li><a href="errata45.html#002_pf">April 11, 2009: |
|
| When pf attempts to perform translation on a specially |
|
| crafted IP datagram, a null pointer dereference will occur, |
|
| resulting in a kernel panic.</a> |
|
| <li><a href="errata45.html#001_openssl">April 8, 2009: |
|
| OpenSSL's ASN.1 handling code could be forced to make invalid |
|
| memory accesses by certain invalid strings or structures, allowing |
|
| denial-of-service attacks.</a> |
|
| </ul> |
</ul> |
| |
|
| |
<p> |
| |
OpenBSD 4.4 and earlier releases are not supported anymore. The following |
| |
paragraphs only list advisories issued while they were maintained; these |
| |
releases are likely to be affected by the advisories for more recent releases. |
| |
<br> |
| |
|
| <li> |
<li> |
| <a name="44"></a> |
<a name="44"></a> |
| |
|
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| <li><a href="errata44.html#016_getsockopt">October 28, 2009: |
|
| getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, |
|
| IP_ESP_NETWORK_LEVEL, IP_IPCOMP_LEVEL will crash the system.</a> |
|
| <li><a href="errata46.html#015_xmm">October 5, 2009: |
|
| XMM exceptions are not correctly handled resulting in a kernel panic.</a> |
|
| <li><a href="errata44.html#014_bind">July 29, 2009: |
|
| BIND's named could be made to crash with a specially crafted |
|
| dynamic update message to a zone for which the server is |
|
| master.</a> |
|
| <li><a href="errata44.html#013_pf">April 11, 2009: |
|
| When pf attempts to perform translation on a specially |
|
| crafted IP datagram, a null pointer dereference will occur, |
|
| resulting in a kernel panic.</a> |
|
| <li><a href="errata44.html#012_openssl">April 8, 2009: |
|
| OpenSSL's ASN.1 handling code could be forced to make invalid |
|
| memory accesses by certain invalid strings or structures, allowing |
|
| denial-of-service attacks.</a> |
|
| <li><a href="errata44.html#011_sudo">February 22, 2009: |
<li><a href="errata44.html#011_sudo">February 22, 2009: |
| sudo(8) may allow a user listed in sudoers to run a command |
sudo(8) may allow a user listed in sudoers to run a command |
| as a different user than their access rule specifies when a Unix |
as a different user than their access rule specifies when a Unix |
|
|
| to intercept traffic.</a> |
to intercept traffic.</a> |
| </ul> |
</ul> |
| |
|
| <p> |
|
| OpenBSD 4.3 and earlier releases are not supported anymore. The following |
|
| paragraphs only list advisories issued while they were maintained; these |
|
| releases are likely to be affected by the advisories for more recent releases. |
|
| <br> |
|
| |
|
| <li> |
<li> |
| <a name="43"></a> |
<a name="43"></a> |
| |
|
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| <li><a href="errata43.html#013_pf">April 11, 2009: |
|
| When pf attempts to perform translation on a specially |
|
| crafted IP datagram, a null pointer dereference will occur, |
|
| resulting in a kernel panic.</a> |
|
| <li><a href="errata43.html#012_openssl">April 8, 2009: |
|
| OpenSSL's ASN.1 handling code could be forced to make invalid |
|
| memory accesses by certain invalid strings or structures, allowing |
|
| denial-of-service attacks.</a> |
|
| <li><a href="errata43.html#011_sudo">February 22, 2009: |
<li><a href="errata43.html#011_sudo">February 22, 2009: |
| sudo(8) may allow a user listed in sudoers to run a command |
sudo(8) may allow a user listed in sudoers to run a command |
| as a different user than their access rule specifies when a Unix |
as a different user than their access rule specifies when a Unix |
|
|
| <li><a href="errata43.html#007_openssl">January 9, 2009: |
<li><a href="errata43.html#007_openssl">January 9, 2009: |
| OpenSSL suffered from some logic errors that allowed bypass |
OpenSSL suffered from some logic errors that allowed bypass |
| of DSA/ECDSA certificate validation.</a> |
of DSA/ECDSA certificate validation.</a> |
| <li><a href="errata43.html#005_ndp">October 2, 2008: |
<li><a href="errata43.html#006_ndp">October 2, 2008: |
| The Neighbor Discovery Protocol (ndp) did not correctly verify |
The Neighbor Discovery Protocol (ndp) did not correctly verify |
| neighbor solicitation requests maybe allowing a nearby attacker |
neighbor solicitation requests maybe allowing a nearby attacker |
| to intercept traffic.</a> |
to intercept traffic.</a> |
|
|
| Command prompt parsing buffer overflow in ppp.</a> |
Command prompt parsing buffer overflow in ppp.</a> |
| <li><a href="errata42.html#006_xorg">Feb 8, 2008: |
<li><a href="errata42.html#006_xorg">Feb 8, 2008: |
| Multiple vulnerabilities in X.Org.</a> |
Multiple vulnerabilities in X.Org.</a> |
| <li><a href="errata42.html#005_ifrtlabel">Jan 11, 2008: |
|
| A missing NULL pointer check can lead to a kernel panic.</a> |
|
| <li><a href="errata42.html#004_pf">Nov 27, 2007: |
|
| A memory leak in pf can lead to machine lockups.</a> |
|
| <li><a href="errata42.html#002_openssl">Oct 10, 2007: |
<li><a href="errata42.html#002_openssl">Oct 10, 2007: |
| Fix off-by-one overflow in OpenSSL.</a> |
Fix off-by-one overflow in OpenSSL.</a> |
| <li><a href="errata42.html#001_dhcpd">Oct 9, 2007: |
<li><a href="errata42.html#001_dhcpd">Oct 9, 2007: |
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| |
<li><a href="errata40.html#017_openssl">Oct 10, 2007: |
| |
The SSL_get_shared_ciphers() function in OpenSSL contains an |
| |
off-by-one overflow.</a> |
| <li><a href="errata40.html#016_dhcpd">Oct 9, 2007: |
<li><a href="errata40.html#016_dhcpd">Oct 9, 2007: |
| Fix stack corruption problem in dhcpd(8).</a> |
Fix stack corruption problem in dhcpd(8).</a> |
| <li><a href="errata40.html#015_file">Jul 9, 2007: |
<li><a href="errata40.html#015_file">Jul 9, 2007: |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www