===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.391
retrieving revision 1.392
diff -c -r1.391 -r1.392
*** www/security.html 2012/05/01 17:52:06 1.391
--- www/security.html 2012/05/01 17:56:54 1.392
***************
*** 350,356 ****
April 14, 2010:
In TLS connections, certain incorrectly formatted records can
cause an OpenSSL client or server to crash due to a read
! attempt at NULL..
--- 350,356 ----
April 14, 2010:
In TLS connections, certain incorrectly formatted records can
cause an OpenSSL client or server to crash due to a read
! attempt at NULL.
***************
*** 366,378 ****
April 14, 2010:
In TLS connections, certain incorrectly formatted records can
cause an OpenSSL client or server to crash due to a read
! attempt at NULL..
March 12, 2010:
OpenSSL is susceptible to a buffer overflow due to a failure
! to check for NULL returns from bn_wexpand function calls.
November 26, 2009:
The SSL/TLS protocol is subject to man-in-the-middle attacks
! related to renegotiation.
--- 366,378 ----
April 14, 2010:
In TLS connections, certain incorrectly formatted records can
cause an OpenSSL client or server to crash due to a read
! attempt at NULL.
March 12, 2010:
OpenSSL is susceptible to a buffer overflow due to a failure
! to check for NULL returns from bn_wexpand function calls.
November 26, 2009:
The SSL/TLS protocol is subject to man-in-the-middle attacks
! related to renegotiation.
***************
*** 388,400 ****
April 14, 2010:
In TLS connections, certain incorrectly formatted records can
cause an OpenSSL client or server to crash due to a read
! attempt at NULL..
March 12, 2010:
OpenSSL is susceptible to a buffer overflow due to a failure
! to check for NULL returns from bn_wexpand function calls.
November 26, 2009:
The SSL/TLS protocol is subject to man-in-the-middle attacks
! related to renegotiation.
--- 388,400 ----
April 14, 2010:
In TLS connections, certain incorrectly formatted records can
cause an OpenSSL client or server to crash due to a read
! attempt at NULL.
March 12, 2010:
OpenSSL is susceptible to a buffer overflow due to a failure
! to check for NULL returns from bn_wexpand function calls.
November 26, 2009:
The SSL/TLS protocol is subject to man-in-the-middle attacks
! related to renegotiation.
***************
*** 1029,1035 ****
timing attacks.
March 5, 2003:
A buffer overflow in lprm(1) may allow an attacker to elevate
! privileges to user daemon..
March 3, 2003:
A buffer overflow in the envelope comments processing in
sendmail(8) may allow an attacker to gain root privileges.
--- 1029,1035 ----
timing attacks.
March 5, 2003:
A buffer overflow in lprm(1) may allow an attacker to elevate
! privileges to user daemon.
March 3, 2003:
A buffer overflow in the envelope comments processing in
sendmail(8) may allow an attacker to gain root privileges.
***************
*** 1103,1109 ****
January 20, 2003:
A double free exists in cvs(1) that could lead to privilege
escalation for cvs configurations where the cvs command is
! run as a privileged user.
November 14, 2002:
A buffer overflow exists in named(8) that could lead to a
remote crash or code execution as user named in a chroot jail.
--- 1103,1109 ----
January 20, 2003:
A double free exists in cvs(1) that could lead to privilege
escalation for cvs configurations where the cvs command is
! run as a privileged user.
November 14, 2002:
A buffer overflow exists in named(8) that could lead to a
remote crash or code execution as user named in a chroot jail.
***************
*** 1818,1824 ****
www@openbsd.org
! $OpenBSD: security.html,v 1.391 2012/05/01 17:52:06 tobias Exp $