=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v retrieving revision 1.123 retrieving revision 1.124 diff -c -r1.123 -r1.124 *** www/security.html 2000/01/20 17:49:33 1.123 --- www/security.html 2000/05/23 20:58:20 1.124 *************** *** 35,40 **** --- 35,41 ----

+ For 2.7 security advisories.
For 2.6 security advisories.
For 2.5 security advisories.
For 2.4 security advisories.
*************** *** 180,185 **** --- 181,200 ----

  • + + +

    OpenBSD 2.7 Security Advisories

    + These are the OpenBSD 2.7 advisories -- all these problems are solved + in OpenBSD current. Obviously, all the + OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7. + +

    +

    + +

    +

  • OpenBSD 2.6 Security Advisories

    *************** *** 201,207 **** A buffer overflow in the RSAREF code included in the USA version of libssl, is possibly exploitable in httpd, ssh, or isakmpd, if SSL/RSA features are enabled. ! (patch included).
  • Dec 4, 1999: Sendmail permitted any user to cause a aliases file wrap, thus exposing the system to a race where the aliases file --- 216,224 ---- A buffer overflow in the RSAREF code included in the USA version of libssl, is possibly exploitable in httpd, ssh, or isakmpd, if SSL/RSA features are enabled. ! (patch included).
    ! Update: Turns out that this was not exploitable ! in any of the software included in OpenBSD 2.6.
  • Dec 4, 1999: Sendmail permitted any user to cause a aliases file wrap, thus exposing the system to a race where the aliases file *************** *** 495,501 **** OpenBSD www@openbsd.org
    ! $OpenBSD: security.html,v 1.123 2000/01/20 17:49:33 deraadt Exp $ --- 512,518 ---- OpenBSD www@openbsd.org
    ! $OpenBSD: security.html,v 1.124 2000/05/23 20:58:20 deraadt Exp $
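Review bot: In the hunk at 181,200, the new "OpenBSD 2.7 Security Advisories" section, as rendered here, consists of the introductory paragraph with no advisory entries after it, so "These are the OpenBSD 2.7 advisories" introduces an empty list. Consider adding a short line saying that no advisories have been issued for 2.7 yet, so a reader does not take the empty section for a rendering problem or a missing entry.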
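Review bot: In the hunk at 216,224, the added "Update:" line says the RSAREF overflow was not exploitable in any of the software included in OpenBSD 2.6, but the unchanged sentence directly above it still reads "is possibly exploitable in httpd, ssh, or isakmpd", so the entry now carries both statements. Suggest rewording the original sentence to past tense (for example "was thought to be possibly exploitable") or stating that the update supersedes it. The update also carries no date, unlike the entries themselves ("Dec 4, 1999"); adding one would let readers tell when the assessment changed.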