===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.332
retrieving revision 1.333
diff -c -r1.332 -r1.333
*** www/security.html 2006/10/12 07:05:21 1.332
--- www/security.html 2006/10/30 21:11:21 1.333
***************
*** 232,278 ****
! - Oct 12, 2006:
Fix 2 security bugs found in OpenSSH.
!
- Oct 7, 2006:
Fix for an integer overflow in systrace(4)'s STRIOCREPLACE support,
found by Chris Evans.
!
- Oct 7, 2006:
Several problems have been found in OpenSSL.
!
- Oct 7, 2006:
httpd(8) does not sanitize the Expect header from an HTTP request
when it is reflected back in an error message, which might allow
cross-site scripting (XSS) style attacks.
!
- Sep 8, 2006:
Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is
possible for an attacker to construct an invalid signature which
OpenSSL would accept as a valid PKCS#1 v1.5 signature.
!
- Sep 8, 2006:
Two Denial of Service issues have been found with BIND.
!
- Sep 2, 2006:
Due to the failure to correctly validate LCP configuration option
lengths, it is possible for an attacker to send LCP packets via an
sppp(4) connection causing the kernel to panic.
!
- Aug 25, 2006:
A problem in isakmpd(8) caused IPsec to run partly without replay
protection.
!
- Aug 25, 2006:
It is possible to cause the kernel to panic when more than the default
number of sempahores have been allocated.
!
- Aug 25, 2006:
Due to an off-by-one error in dhcpd(8) it is possible to cause dhcpd(8)
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier
option.
!
- Aug 25, 2006:
A potential denial of service problem has been found in sendmail.
!
- Jul 30, 2006:
httpd(8)'s mod_rewrite has a potentially exploitable off-by-one buffer
overflow.
!
- Jun 15, 2006:
A potential denial of service problem has been found in sendmail.
!
- May 2, 2006:
A buffer overflow exists in the Render extension of the X server.
!
- Mar 25, 2006:
A race condition has been reported to exist in the handling by sendmail
of asynchronous signals.
--- 232,278 ----
! - Oct 12, 2006:
Fix 2 security bugs found in OpenSSH.
!
- Oct 7, 2006:
Fix for an integer overflow in systrace(4)'s STRIOCREPLACE support,
found by Chris Evans.
!
- Oct 7, 2006:
Several problems have been found in OpenSSL.
!
- Oct 7, 2006:
httpd(8) does not sanitize the Expect header from an HTTP request
when it is reflected back in an error message, which might allow
cross-site scripting (XSS) style attacks.
!
- Sep 8, 2006:
Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is
possible for an attacker to construct an invalid signature which
OpenSSL would accept as a valid PKCS#1 v1.5 signature.
!
- Sep 8, 2006:
Two Denial of Service issues have been found with BIND.
!
- Sep 2, 2006:
Due to the failure to correctly validate LCP configuration option
lengths, it is possible for an attacker to send LCP packets via an
sppp(4) connection causing the kernel to panic.
!
- Aug 25, 2006:
A problem in isakmpd(8) caused IPsec to run partly without replay
protection.
!
- Aug 25, 2006:
It is possible to cause the kernel to panic when more than the default
number of sempahores have been allocated.
!
- Aug 25, 2006:
Due to an off-by-one error in dhcpd(8) it is possible to cause dhcpd(8)
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier
option.
!
- Aug 25, 2006:
A potential denial of service problem has been found in sendmail.
!
- Jul 30, 2006:
httpd(8)'s mod_rewrite has a potentially exploitable off-by-one buffer
overflow.
!
- Jun 15, 2006:
A potential denial of service problem has been found in sendmail.
!
- May 2, 2006:
A buffer overflow exists in the Render extension of the X server.
!
- Mar 25, 2006:
A race condition has been reported to exist in the handling by sendmail
of asynchronous signals.
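Review bot: "sempahores" in the Aug 25, 2006 kernel panic entry is misspelled on both the old and the new side, so this revision carries the typo forward; change it to "semaphores" while these lines are being touched. The two sendmail entries (Aug 25, 2006 and Jun 15, 2006) also read identically, "A potential denial of service problem has been found in sendmail.", so a reader cannot tell them apart from the text alone; a few words naming each issue would fix that. The same applies to "Fix 2 security bugs found in OpenSSH." and "Several problems have been found in OpenSSL.", which give no indication of impact, unlike the more specific entries around them.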
***************
*** 1509,1515 ****
www@openbsd.org
! $OpenBSD: security.html,v 1.332 2006/10/12 07:05:21 brad Exp $