===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.242
retrieving revision 1.243
diff -c -r1.242 -r1.243
*** www/security.html	2003/03/24 19:21:05	1.242
--- www/security.html	2003/03/26 01:16:40	1.243
***************
*** 196,244 ****
  
  <p>
  <ul>
! <li><a href=errata.html#kerberos>March 24, 2003:
  	A cryptographic weaknesses in the Kerberos v4 protocol can be
  	exploited on Kerberos v5 as well.</a>
! <li><a href=errata.html#kpr>March 19, 2003:
  	OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack
  	designed by Czech researchers Klima, Pokorny and Rosa.</a>
! <li><a href=errata.html#blinding>March 18, 2003:
  	Various SSL and TLS operations in OpenSSL are vulnerable to
  	timing attacks.</a>
! <li><a href=errata.html#lprm>March 5, 2003:
  	A buffer overflow in lprm(1) may allow an attacker to elevate
  	privileges to user daemon.</a>.
! <li><a href=errata.html#sendmail>March 3, 2003:
  	A buffer overflow in the envelope comments processing in
  	sendmail(8) may allow an attacker to gain root privileges.</a>
! <li><a href=errata.html#httpd>February 25, 2003:
  	httpd(8) leaks file inode numbers via ETag header as well as
  	child PIDs in multipart MIME boundary generation. This could
  	lead, for example, to NFS exploitation because it uses inode
  	numbers as part of the file handle.</a>
! <li><a href=errata.html#ssl>February 22, 2003:
  	In ssl(8) an information leak can occur via timing by performing
  	a MAC computation even if incorrect block cipher padding has 
  	been found, this is a countermeasure. Also, check for negative
  	sizes, in allocation routines.</a>
! <li><a href=errata.html#cvs>January 20, 2003:
  	A double free exists in cvs(1) that could lead to privilege
  	escalation for cvs configurations where the cvs command is
  	run as a privileged user.</a>
! <li><a href=errata.html#named>November 14, 2002:
  	A buffer overflow exists in named(8) that could lead to a
  	remote crash or code execution as user named in a chroot jail.</a>
! <li><a href=errata.html#pool>November 6, 2002:
  	A logic error in the pool kernel memory allocator could cause
  	memory corruption in low-memory situations, causing the system
  	to crash.</a>
! <li><a href=errata.html#smrsh>November 6, 2002:
  	An attacker can bypass smrsh(8)'s restrictions and execute
  	arbitrary commands with the privileges of his own account.</a>
! <li><a href=errata.html#pfbridge>November 6, 2002:
  	Network bridges running pf with scrubbing enabled could cause
  	mbuf corruption, causing the system to crash.</a>
! <li><a href=errata.html#kadmin>October 21, 2002:
  	A buffer overflow can occur in the kadmind(8) daemon, leading
  	to possible remote crash or exploit.</a>
  </ul>
--- 196,244 ----
  
  <p>
  <ul>
! <li><a href=errata32.html#kerberos>March 24, 2003:
  	A cryptographic weaknesses in the Kerberos v4 protocol can be
  	exploited on Kerberos v5 as well.</a>
! <li><a href=errata32.html#kpr>March 19, 2003:
  	OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack
  	designed by Czech researchers Klima, Pokorny and Rosa.</a>
! <li><a href=errata32.html#blinding>March 18, 2003:
  	Various SSL and TLS operations in OpenSSL are vulnerable to
  	timing attacks.</a>
! <li><a href=errata32.html#lprm>March 5, 2003:
  	A buffer overflow in lprm(1) may allow an attacker to elevate
  	privileges to user daemon.</a>.
! <li><a href=errata32.html#sendmail>March 3, 2003:
  	A buffer overflow in the envelope comments processing in
  	sendmail(8) may allow an attacker to gain root privileges.</a>
! <li><a href=errata32.html#httpd>February 25, 2003:
  	httpd(8) leaks file inode numbers via ETag header as well as
  	child PIDs in multipart MIME boundary generation. This could
  	lead, for example, to NFS exploitation because it uses inode
  	numbers as part of the file handle.</a>
! <li><a href=errata32.html#ssl>February 22, 2003:
  	In ssl(8) an information leak can occur via timing by performing
  	a MAC computation even if incorrect block cipher padding has 
  	been found, this is a countermeasure. Also, check for negative
  	sizes, in allocation routines.</a>
! <li><a href=errata32.html#cvs>January 20, 2003:
  	A double free exists in cvs(1) that could lead to privilege
  	escalation for cvs configurations where the cvs command is
  	run as a privileged user.</a>
! <li><a href=errata32.html#named>November 14, 2002:
  	A buffer overflow exists in named(8) that could lead to a
  	remote crash or code execution as user named in a chroot jail.</a>
! <li><a href=errata32.html#pool>November 6, 2002:
  	A logic error in the pool kernel memory allocator could cause
  	memory corruption in low-memory situations, causing the system
  	to crash.</a>
! <li><a href=errata32.html#smrsh>November 6, 2002:
  	An attacker can bypass smrsh(8)'s restrictions and execute
  	arbitrary commands with the privileges of his own account.</a>
! <li><a href=errata32.html#pfbridge>November 6, 2002:
  	Network bridges running pf with scrubbing enabled could cause
  	mbuf corruption, causing the system to crash.</a>
! <li><a href=errata32.html#kadmin>October 21, 2002:
  	A buffer overflow can occur in the kadmind(8) daemon, leading
  	to possible remote crash or exploit.</a>
  </ul>
***************
*** 1039,1045 ****
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
  <br>
! <small>$OpenBSD: security.html,v 1.242 2003/03/24 19:21:05 millert Exp $</small>
  
  </body>
  </html>
--- 1039,1045 ----
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
  <br>
! <small>$OpenBSD: security.html,v 1.243 2003/03/26 01:16:40 deraadt Exp $</small>
  
  </body>
  </html>