===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.412
retrieving revision 1.413
diff -c -r1.412 -r1.413
*** www/security.html 2014/05/01 15:15:22 1.412
--- www/security.html 2014/05/13 20:12:43 1.413
***************
*** 718,724 ****
OpenBSD 3.8 Security Advisories
! These are the OpenBSD 3.8 advisories -- all these problems are solved
in OpenBSD current and the
patch branch.
--- 718,724 ----
OpenBSD 3.8 Security Advisories
! These are the OpenBSD 3.8 advisories -- all these problems are solved
in OpenBSD current and the
patch branch.
***************
*** 784,790 ****
OpenBSD 3.7 Security Advisories
! These are the OpenBSD 3.7 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.7 is no longer being maintained,
you should update your machine.
--- 784,790 ----
OpenBSD 3.7 Security Advisories
! These are the OpenBSD 3.7 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.7 is no longer being maintained,
you should update your machine.
***************
*** 823,829 ****
OpenBSD 3.6 Security Advisories
! These are the OpenBSD 3.6 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.6 is no longer being maintained,
you should update your machine.
--- 823,829 ----
OpenBSD 3.6 Security Advisories
! These are the OpenBSD 3.6 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.6 is no longer being maintained,
you should update your machine.
***************
*** 865,871 ****
OpenBSD 3.5 Security Advisories
! These are the OpenBSD 3.5 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.5 is no longer being maintained,
you should update your machine.
--- 865,871 ----
OpenBSD 3.5 Security Advisories
! These are the OpenBSD 3.5 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.5 is no longer being maintained,
you should update your machine.
***************
*** 916,922 ****
to the possibility of principal impersonation from other
Kerberos realms if they are trusted with a cross-realm trust.
May 26, 2004:
! xdm(1) ignores the requestPort resource and creates a
listening socket regardless of the setting in xdm-config.
May 20, 2004:
A buffer overflow in the cvs(1) server has been found,
--- 916,922 ----
to the possibility of principal impersonation from other
Kerberos realms if they are trusted with a cross-realm trust.
May 26, 2004:
! xdm(1) ignores the requestPort resource and creates a
listening socket regardless of the setting in xdm-config.
May 20, 2004:
A buffer overflow in the cvs(1) server has been found,
***************
*** 936,942 ****
OpenBSD 3.4 Security Advisories
! These are the OpenBSD 3.4 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.4 is no longer being maintained,
you should update your machine.
--- 936,942 ----
OpenBSD 3.4 Security Advisories
! These are the OpenBSD 3.4 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.4 is no longer being maintained,
you should update your machine.
***************
*** 1009,1015 ****
OpenBSD 3.3 Security Advisories
! These are the OpenBSD 3.3 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.3 is no longer being maintained,
you should update your machine.
--- 1009,1015 ----
OpenBSD 3.3 Security Advisories
! These are the OpenBSD 3.3 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.3 is no longer being maintained,
you should update your machine.
***************
*** 1040,1054 ****
Several message handling flaws in isakmpd(8) have been reported
by Thomas Walpuski.
November 17, 2003:
! It may be possible for a local user to execute arbitrary code
! resulting in escalation of privileges due to a stack overrun
in compat_ibcs2(8).
October 1, 2003:
The use of certain ASN.1 encodings or malformed public keys may
allow an attacker to mount a denial of service attack against
applications linked with ssl(3).
September 24, 2003:
! Access of freed memory in pf(4) could be used to
remotely panic a machine using scrub rules.
September 17, 2003:
A buffer overflow in the address parsing in
--- 1040,1054 ----
Several message handling flaws in isakmpd(8) have been reported
by Thomas Walpuski.
November 17, 2003:
! It may be possible for a local user to execute arbitrary code
! resulting in escalation of privileges due to a stack overrun
in compat_ibcs2(8).
October 1, 2003:
The use of certain ASN.1 encodings or malformed public keys may
allow an attacker to mount a denial of service attack against
applications linked with ssl(3).
September 24, 2003:
! Access of freed memory in pf(4) could be used to
remotely panic a machine using scrub rules.
September 17, 2003:
A buffer overflow in the address parsing in
***************
*** 1073,1079 ****
OpenBSD 3.2 Security Advisories
! These are the OpenBSD 3.2 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.2 is no longer being maintained,
you should update your machine.
--- 1073,1079 ----
OpenBSD 3.2 Security Advisories
! These are the OpenBSD 3.2 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.2 is no longer being maintained,
you should update your machine.
***************
*** 1084,1090 ****
allow an attacker to mount a denial of service attack against
applications linked with ssl(3). This does not affect OpenSSH.
September 24, 2003:
! Access of freed memory in pf(4) could be used to
remotely panic a machine using scrub rules.
September 17, 2003:
A buffer overflow in the address parsing in
--- 1084,1090 ----
allow an attacker to mount a denial of service attack against
applications linked with ssl(3). This does not affect OpenSSH.
September 24, 2003:
! Access of freed memory in pf(4) could be used to
remotely panic a machine using scrub rules.
September 17, 2003:
A buffer overflow in the address parsing in
***************
*** 1123,1129 ****
numbers as part of the file handle.
February 22, 2003:
In ssl(8) an information leak can occur via timing by performing
! a MAC computation even if incorrect block cipher padding has
been found, this is a countermeasure. Also, check for negative
sizes, in allocation routines.
January 20, 2003:
--- 1123,1129 ----
numbers as part of the file handle.
February 22, 2003:
In ssl(8) an information leak can occur via timing by performing
! a MAC computation even if incorrect block cipher padding has
been found, this is a countermeasure. Also, check for negative
sizes, in allocation routines.
January 20, 2003:
***************
*** 1153,1160 ****
OpenBSD 3.1 Security Advisories
! These are the OpenBSD 3.1 advisories -- all these problems are solved
! in OpenBSD current. The
patch branch for 3.1 is no longer being maintained,
you should update your machine.
--- 1153,1160 ----
OpenBSD 3.1 Security Advisories
! These are the OpenBSD 3.1 advisories -- all these problems are solved
! in OpenBSD current. The
patch branch for 3.1 is no longer being maintained,
you should update your machine.
***************
*** 1180,1186 ****
sendmail(8) may allow an attacker to gain root privileges.
February 23, 2003:
In ssl(8) an information leak can occur via timing by performing
! a MAC computation even if incorrect block cipher padding has
been found, this is a countermeasure. Also, check for negative
sizes, in allocation routines.
January 20, 2003:
--- 1180,1186 ----
sendmail(8) may allow an attacker to gain root privileges.
February 23, 2003:
In ssl(8) an information leak can occur via timing by performing
! a MAC computation even if incorrect block cipher padding has
been found, this is a countermeasure. Also, check for negative
sizes, in allocation routines.
January 20, 2003:
***************
*** 1258,1264 ****
OpenBSD 3.0 Security Advisories
! These are the OpenBSD 3.0 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.0 is no longer being maintained,
you should update your machine.
--- 1258,1264 ----
OpenBSD 3.0 Security Advisories
! These are the OpenBSD 3.0 advisories -- all these problems are solved
in OpenBSD current. The
patch branch for 3.0 is no longer being maintained,
you should update your machine.
***************
*** 1368,1375 ****
OpenBSD 2.9 Security Advisories
! These are the OpenBSD 2.9 advisories -- all these problems are solved
! in OpenBSD current. The
patch branch. for 2.9 is no longer being maintained,
you should update your machine.
--- 1368,1375 ----
OpenBSD 2.9 Security Advisories
! These are the OpenBSD 2.9 advisories -- all these problems are solved
! in OpenBSD current. The
patch branch. for 2.9 is no longer being maintained,
you should update your machine.
***************
*** 1447,1454 ****
OpenBSD 2.8 Security Advisories
! These are the OpenBSD 2.8 advisories -- all these problems are solved
! in OpenBSD current. The
patch branch. for 2.8 is no longer being maintained,
you should update your machine.
--- 1447,1454 ----
OpenBSD 2.8 Security Advisories
! These are the OpenBSD 2.8 advisories -- all these problems are solved
! in OpenBSD current. The
patch branch. for 2.8 is no longer being maintained,
you should update your machine.
***************
*** 1507,1513 ****
OpenBSD 2.7 Security Advisories
! These are the OpenBSD 2.7 advisories -- all these problems are solved
in OpenBSD current. Obviously, all the
OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7.
--- 1507,1513 ----
OpenBSD 2.7 Security Advisories
! These are the OpenBSD 2.7 advisories -- all these problems are solved
in OpenBSD current. Obviously, all the
OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7.
***************
*** 1526,1532 ****
X11 libraries have 2 potential overflows in xtrans code.
(patch included)
Oct 18, 2000:
! Apache mod_rewrite and mod_vhost_alias modules could expose files
on the server in certain configurations if used.
(patch included)
Oct 10, 2000:
--- 1526,1532 ----
X11 libraries have 2 potential overflows in xtrans code.
(patch included)
Oct 18, 2000:
! Apache mod_rewrite and mod_vhost_alias modules could expose files
on the server in certain configurations if used.
(patch included)
Oct 10, 2000:
***************
*** 1590,1596 ****
May 25, 2000:
Improper use of ipf keep-state rules can result
in firewall rules being bypassed. (patch included)
!
--- 1590,1596 ----
May 25, 2000:
Improper use of ipf keep-state rules can result
in firewall rules being bypassed. (patch included)
!
***************
*** 1598,1604 ****
OpenBSD 2.6 Security Advisories
! These are the OpenBSD 2.6 advisories -- all these problems are solved
in OpenBSD current. Obviously, all the
OpenBSD 2.5 advisories listed below are fixed in OpenBSD 2.6.
--- 1598,1604 ----
OpenBSD 2.6 Security Advisories
! These are the OpenBSD 2.6 advisories -- all these problems are solved
in OpenBSD current. Obviously, all the
OpenBSD 2.5 advisories listed below are fixed in OpenBSD 2.6.
***************
*** 1610,1623 ****
May 25, 2000:
Improper use of ipf keep-state rules can result
in firewall rules being bypassed. (patch included)
! May 25, 2000:
xlockmore has a bug which a localhost attacker can use to gain
access to the encrypted root password hash (which is normally
encoded using blowfish (see
crypt(3))
(patch included).
! Jan 20, 2000:
Systems running with procfs enabled and mounted are
vulnerable to a very tricky exploit. procfs is not
mounted by default.
--- 1610,1623 ----
May 25, 2000:
Improper use of ipf keep-state rules can result
in firewall rules being bypassed. (patch included)
! May 25, 2000:
xlockmore has a bug which a localhost attacker can use to gain
access to the encrypted root password hash (which is normally
encoded using blowfish (see
crypt(3))
(patch included).
! Jan 20, 2000:
Systems running with procfs enabled and mounted are
vulnerable to a very tricky exploit. procfs is not
mounted by default.
***************
*** 1636,1642 ****
(patch included).
Update: Turns out that this was not exploitable
in any of the software included in OpenBSD 2.6.
! Nov 9, 1999:
Any user could change interface media configurations, resulting in
a localhost denial of service attack.
(patch included).
--- 1636,1642 ----
(patch included).
Update: Turns out that this was not exploitable
in any of the software included in OpenBSD 2.6.
! Nov 9, 1999:
Any user could change interface media configurations, resulting in
a localhost denial of service attack.
(patch included).
***************
*** 1647,1659 ****
OpenBSD 2.5 Security Advisories
! These are the OpenBSD 2.5 advisories -- all these problems are solved
in OpenBSD current. Obviously, all the
OpenBSD 2.4 advisories listed below are fixed in OpenBSD 2.5.