Sep 16, 2004:
--- 241,297 ----
! - Sep 20, 2004:
Radius-based authentication is vulnerable to spoofed replies.
!
- Sep 16, 2004:
The Xpm library has vulnerabilities when parsing malicious images.
!
- Sep 10, 2004:
httpd(8)'s mod_rewrite module can be made to write one zero byte in
an arbitrary memory position outside of a char array, causing a DoS
or possibly buffer overflows.
!
- Jun 12, 2004:
Multiple vulnerabilities have been found in httpd(8) / mod_ssl.
!
- Jun 10, 2004:
isakmpd(8) still has issues with unauthorized SA deletion,
an attacker can delete IPsec tunnels at will.
!
- Jun 9, 2004:
Multiple remote vulnerabilities have been found in the cvs(1)
server which can be used by CVS clients to crash or execute
arbitrary code on the server.
!
- May 30, 2004:
kdc(8) performs inadequate checking of request fields, leading
to the possibility of principal impersonation from other
Kerberos realms if they are trusted with a cross-realm trust.
!
- May 26, 2004:
xdm(1) ignores the requestPort resource and creates a
listening socket regardless of the setting in xdm-config.
!
- May 20, 2004:
A buffer overflow in the cvs(1) server has been found,
which can be used by CVS clients to execute arbitrary code on
the server.
!
- May 13, 2004:
Integer overflow problems were found in procfs, allowing
reading of arbitrary kernel memory.
!
- May 5, 2004:
Pathname validation problems have been found in cvs(1),
allowing clients and servers access to files outside the
repository or local CVS tree.
+ OpenBSD 3.4 and earlier releases are not supported anymore. The following
+ paragraphs only list advisories issued while they were maintained; these
+ releases are likely to be affected by the advisories for more recent releases.
+
+
OpenBSD 3.4 Security Advisories
These are the OpenBSD 3.4 advisories -- all these problems are solved
! in OpenBSD current. The
! patch branch for 3.4 is no longer being maintained,
! you should update your machine.
-
- OpenBSD 3.3 and earlier releases are not supported anymore. The following
- paragraphs only list advisories issued while they were maintained; these
- releases are likely to be affected by the advisories for more recent releases.
-
-
--- 353,358 ----
***************
*** 1276,1282 ****
www@openbsd.org
! $OpenBSD: security.html,v 1.300 2004/10/23 20:34:08 deraadt Exp $