===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.123
retrieving revision 1.124
diff -c -r1.123 -r1.124
*** www/security.html 2000/01/20 17:49:33 1.123
--- www/security.html 2000/05/23 20:58:20 1.124
***************
*** 35,40 ****
--- 35,41 ----
+ For 2.7 security advisories.
For 2.6 security advisories.
For 2.5 security advisories.
For 2.4 security advisories.
***************
*** 180,185 ****
--- 181,200 ----
+
+
+ OpenBSD 2.7 Security Advisories
+ These are the OpenBSD 2.7 advisories -- all these problems are solved
+ in OpenBSD current. Obviously, all the
+ OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7.
+
+
+
+ - No 2.7 security advisories yet.
+
+
+
+
OpenBSD 2.6 Security Advisories
***************
*** 201,207 ****
A buffer overflow in the RSAREF code included in the
USA version of libssl, is possibly exploitable in
httpd, ssh, or isakmpd, if SSL/RSA features are enabled.
! (patch included).
Dec 4, 1999:
Sendmail permitted any user to cause a aliases file wrap,
thus exposing the system to a race where the aliases file
--- 216,224 ----
A buffer overflow in the RSAREF code included in the
USA version of libssl, is possibly exploitable in
httpd, ssh, or isakmpd, if SSL/RSA features are enabled.
! (patch included).
! Update: Turns out that this was not exploitable
! in any of the software included in OpenBSD 2.6.
Dec 4, 1999:
Sendmail permitted any user to cause a aliases file wrap,
thus exposing the system to a race where the aliases file
***************
*** 495,501 ****
www@openbsd.org
! $OpenBSD: security.html,v 1.123 2000/01/20 17:49:33 deraadt Exp $
|