version 1.381, 2009/11/01 00:25:36 |
version 1.382, 2009/11/08 15:26:53 |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
<li><a href="errata46.html#003_getsockopt">October 28, 2009: |
<li>None yet. |
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, |
|
IP_ESP_NETWORK_LEVEL, IP_IPCOMP_LEVEL will crash the system.</a> |
|
<li><a href="errata46.html#002_xmm">October 5, 2009: |
|
XMM exceptions are not correctly handled resulting in a kernel panic.</a> |
|
<li><a href="errata46.html#001_bind">July 29, 2009: |
|
BIND's named could be made to crash with a specially crafted |
|
dynamic update message to a zone for which the server is |
|
master.</a> |
|
</ul> |
</ul> |
|
|
|
<li> |
<a name="45"></a> |
<a name="45"></a> |
|
|
<h3><font color="#e00000">OpenBSD 4.5 Security Advisories</font></h3> |
<h3><font color="#e00000">OpenBSD 4.5 Security Advisories</font></h3> |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
<li><a href="errata45.html#009_getsockopt">October 28, 2009: |
<li>None yet. |
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, |
|
IP_ESP_NETWORK_LEVEL, IP_IPCOMP_LEVEL will crash the system.</a> |
|
<li><a href="errata45.html#008_xmm">October 5, 2009: |
|
XMM exceptions are not correctly handled resulting in a kernel panic.</a> |
|
<li><a href="errata45.html#007_bind">July 29, 2009: |
|
BIND's named could be made to crash with a specially crafted |
|
dynamic update message to a zone for which the server is |
|
master.</a> |
|
<li><a href="errata45.html#002_pf">April 11, 2009: |
|
When pf attempts to perform translation on a specially |
|
crafted IP datagram, a null pointer dereference will occur, |
|
resulting in a kernel panic.</a> |
|
<li><a href="errata45.html#001_openssl">April 8, 2009: |
|
OpenSSL's ASN.1 handling code could be forced to make invalid |
|
memory accesses by certain invalid strings or structures, allowing |
|
denial-of-service attacks.</a> |
|
</ul> |
</ul> |
|
|
|
<p> |
|
OpenBSD 4.4 and earlier releases are not supported anymore. The following |
|
paragraphs only list advisories issued while they were maintained; these |
|
releases are likely to be affected by the advisories for more recent releases. |
|
<br> |
|
|
<li> |
<li> |
<a name="44"></a> |
<a name="44"></a> |
|
|
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
<li><a href="errata44.html#016_getsockopt">October 28, 2009: |
|
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, |
|
IP_ESP_NETWORK_LEVEL, IP_IPCOMP_LEVEL will crash the system.</a> |
|
<li><a href="errata46.html#015_xmm">October 5, 2009: |
|
XMM exceptions are not correctly handled resulting in a kernel panic.</a> |
|
<li><a href="errata44.html#014_bind">July 29, 2009: |
|
BIND's named could be made to crash with a specially crafted |
|
dynamic update message to a zone for which the server is |
|
master.</a> |
|
<li><a href="errata44.html#013_pf">April 11, 2009: |
|
When pf attempts to perform translation on a specially |
|
crafted IP datagram, a null pointer dereference will occur, |
|
resulting in a kernel panic.</a> |
|
<li><a href="errata44.html#012_openssl">April 8, 2009: |
|
OpenSSL's ASN.1 handling code could be forced to make invalid |
|
memory accesses by certain invalid strings or structures, allowing |
|
denial-of-service attacks.</a> |
|
<li><a href="errata44.html#011_sudo">February 22, 2009: |
<li><a href="errata44.html#011_sudo">February 22, 2009: |
sudo(8) may allow a user listed in sudoers to run a command |
sudo(8) may allow a user listed in sudoers to run a command |
as a different user than their access rule specifies when a Unix |
as a different user than their access rule specifies when a Unix |
|
|
to intercept traffic.</a> |
to intercept traffic.</a> |
</ul> |
</ul> |
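Review bot: in the OpenBSD 4.4 list, the October 5, 2009 XMM entry links to `errata46.html#015_xmm`, while every other entry in that list points into errata44.html and the neighbouring anchors are `014_bind` and `016_getsockopt`. This looks like a leftover from the 4.6 list; the href should presumably be `errata44.html#015_xmm` so that readers on 4.4 reach the patch for their own release.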
|
|
<p> |
|
OpenBSD 4.3 and earlier releases are not supported anymore. The following |
|
paragraphs only list advisories issued while they were maintained; these |
|
releases are likely to be affected by the advisories for more recent releases. |
|
<br> |
|
|
|
<li> |
<li> |
<a name="43"></a> |
<a name="43"></a> |
|
|
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
<li><a href="errata43.html#013_pf">April 11, 2009: |
|
When pf attempts to perform translation on a specially |
|
crafted IP datagram, a null pointer dereference will occur, |
|
resulting in a kernel panic.</a> |
|
<li><a href="errata43.html#012_openssl">April 8, 2009: |
|
OpenSSL's ASN.1 handling code could be forced to make invalid |
|
memory accesses by certain invalid strings or structures, allowing |
|
denial-of-service attacks.</a> |
|
<li><a href="errata43.html#011_sudo">February 22, 2009: |
<li><a href="errata43.html#011_sudo">February 22, 2009: |
sudo(8) may allow a user listed in sudoers to run a command |
sudo(8) may allow a user listed in sudoers to run a command |
as a different user than their access rule specifies when a Unix |
as a different user than their access rule specifies when a Unix |
|
|
<li><a href="errata43.html#007_openssl">January 9, 2009: |
<li><a href="errata43.html#007_openssl">January 9, 2009: |
OpenSSL suffered from some logic errors that allowed bypass |
OpenSSL suffered from some logic errors that allowed bypass |
of DSA/ECDSA certificate validation.</a> |
of DSA/ECDSA certificate validation.</a> |
<li><a href="errata43.html#005_ndp">October 2, 2008: |
<li><a href="errata43.html#006_ndp">October 2, 2008: |
The Neighbor Discovery Protocol (ndp) did not correctly verify |
The Neighbor Discovery Protocol (ndp) did not correctly verify |
neighbor solicitation requests maybe allowing a nearby attacker |
neighbor solicitation requests maybe allowing a nearby attacker |
to intercept traffic.</a> |
to intercept traffic.</a> |
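Review bot: the October 2, 2008 ndp entry has identical text on both sides but a different link target, `errata43.html#005_ndp` on one and `errata43.html#006_ndp` on the other. Please confirm which anchor actually exists in errata43.html, since a wrong fragment still loads the page and leaves the reader at the top rather than at the advisory.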
|
|
Command prompt parsing buffer overflow in ppp.</a> |
Command prompt parsing buffer overflow in ppp.</a> |
<li><a href="errata42.html#006_xorg">Feb 8, 2008: |
<li><a href="errata42.html#006_xorg">Feb 8, 2008: |
Multiple vulnerabilities in X.Org.</a> |
Multiple vulnerabilities in X.Org.</a> |
<li><a href="errata42.html#005_ifrtlabel">Jan 11, 2008: |
|
A missing NULL pointer check can lead to a kernel panic.</a> |
|
<li><a href="errata42.html#004_pf">Nov 27, 2007: |
|
A memory leak in pf can lead to machine lockups.</a> |
|
<li><a href="errata42.html#002_openssl">Oct 10, 2007: |
<li><a href="errata42.html#002_openssl">Oct 10, 2007: |
Fix off-by-one overflow in OpenSSL.</a> |
Fix off-by-one overflow in OpenSSL.</a> |
<li><a href="errata42.html#001_dhcpd">Oct 9, 2007: |
<li><a href="errata42.html#001_dhcpd">Oct 9, 2007: |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
|
<li><a href="errata40.html#017_openssl">Oct 10, 2007: |
|
The SSL_get_shared_ciphers() function in OpenSSL contains an |
|
off-by-one overflow.</a> |
<li><a href="errata40.html#016_dhcpd">Oct 9, 2007: |
<li><a href="errata40.html#016_dhcpd">Oct 9, 2007: |
Fix stack corruption problem in dhcpd(8).</a> |
Fix stack corruption problem in dhcpd(8).</a> |
<li><a href="errata40.html#015_file">Jul 9, 2007: |
<li><a href="errata40.html#015_file">Jul 9, 2007: |