version 1.391, 2012/05/01 17:52:06 |
version 1.392, 2012/05/01 17:56:54 |
|
|
<li><a href="errata47.html#003_openssl">April 14, 2010: |
<li><a href="errata47.html#003_openssl">April 14, 2010: |
In TLS connections, certain incorrectly formatted records can |
In TLS connections, certain incorrectly formatted records can |
cause an OpenSSL client or server to crash due to a read |
cause an OpenSSL client or server to crash due to a read |
attempt at NULL.</a>. |
attempt at NULL.</a> |
</ul> |
</ul> |
|
|
<li> |
<li> |
|
|
<li><a href="errata46.html#010_openssl">April 14, 2010: |
<li><a href="errata46.html#010_openssl">April 14, 2010: |
In TLS connections, certain incorrectly formatted records can |
In TLS connections, certain incorrectly formatted records can |
cause an OpenSSL client or server to crash due to a read |
cause an OpenSSL client or server to crash due to a read |
attempt at NULL.</a>. |
attempt at NULL.</a> |
<li><a href="errata46.html#006_openssl">March 12, 2010: |
<li><a href="errata46.html#006_openssl">March 12, 2010: |
OpenSSL is susceptible to a buffer overflow due to a failure |
OpenSSL is susceptible to a buffer overflow due to a failure |
to check for NULL returns from bn_wexpand function calls</a>. |
to check for NULL returns from bn_wexpand function calls.</a> |
<li><a href="errata46.html#004_openssl">November 26, 2009: |
<li><a href="errata46.html#004_openssl">November 26, 2009: |
The SSL/TLS protocol is subject to man-in-the-middle attacks |
The SSL/TLS protocol is subject to man-in-the-middle attacks |
related to renegotiation</a>. |
related to renegotiation.</a> |
</ul> |
</ul> |
|
|
<li> |
<li> |
|
|
<li><a href="errata45.html#016_openssl">April 14, 2010: |
<li><a href="errata45.html#016_openssl">April 14, 2010: |
In TLS connections, certain incorrectly formatted records can |
In TLS connections, certain incorrectly formatted records can |
cause an OpenSSL client or server to crash due to a read |
cause an OpenSSL client or server to crash due to a read |
attempt at NULL.</a>. |
attempt at NULL.</a> |
<li><a href="errata45.html#012_openssl">March 12, 2010: |
<li><a href="errata45.html#012_openssl">March 12, 2010: |
OpenSSL is susceptible to a buffer overflow due to a failure |
OpenSSL is susceptible to a buffer overflow due to a failure |
to check for NULL returns from bn_wexpand function calls</a>. |
to check for NULL returns from bn_wexpand function calls.</a> |
<li><a href="errata45.html#010_openssl">November 26, 2009: |
<li><a href="errata45.html#010_openssl">November 26, 2009: |
The SSL/TLS protocol is subject to man-in-the-middle attacks |
The SSL/TLS protocol is subject to man-in-the-middle attacks |
related to renegotiation</a>. |
related to renegotiation.</a> |
</ul> |
</ul> |
|
|
<li> |
<li> |
|
|
timing attacks.</a> |
timing attacks.</a> |
<li><a href="errata32.html#lprm">March 5, 2003: |
<li><a href="errata32.html#lprm">March 5, 2003: |
A buffer overflow in lprm(1) may allow an attacker to elevate |
A buffer overflow in lprm(1) may allow an attacker to elevate |
privileges to user daemon.</a>. |
privileges to user daemon.</a> |
<li><a href="errata32.html#sendmail">March 3, 2003: |
<li><a href="errata32.html#sendmail">March 3, 2003: |
A buffer overflow in the envelope comments processing in |
A buffer overflow in the envelope comments processing in |
sendmail(8) may allow an attacker to gain root privileges.</a> |
sendmail(8) may allow an attacker to gain root privileges.</a> |
|
|
<li><a href="errata31.html#cvs">January 20, 2003: |
<li><a href="errata31.html#cvs">January 20, 2003: |
A double free exists in cvs(1) that could lead to privilege |
A double free exists in cvs(1) that could lead to privilege |
escalation for cvs configurations where the cvs command is |
escalation for cvs configurations where the cvs command is |
run as a privileged user</a>. |
run as a privileged user.</a> |
<li><a href="errata31.html#named">November 14, 2002: |
<li><a href="errata31.html#named">November 14, 2002: |
A buffer overflow exists in named(8) that could lead to a |
A buffer overflow exists in named(8) that could lead to a |
remote crash or code execution as user named in a chroot jail.</a> |
remote crash or code execution as user named in a chroot jail.</a> |