===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.412
retrieving revision 1.413
diff -c -r1.412 -r1.413
*** www/security.html	2014/05/01 15:15:22	1.412
--- www/security.html	2014/05/13 20:12:43	1.413
***************
*** 718,724 ****
  <a name="38"></a>
  
  <h3><font color="#e00000">OpenBSD 3.8 Security Advisories</font></h3>
! These are the OpenBSD 3.8 advisories -- all these problems are solved 
  in <a href=anoncvs.html>OpenBSD current</a> and the
  <a href=stable.html>patch branch</a>.
  
--- 718,724 ----
  <a name="38"></a>
  
  <h3><font color="#e00000">OpenBSD 3.8 Security Advisories</font></h3>
! These are the OpenBSD 3.8 advisories -- all these problems are solved
  in <a href=anoncvs.html>OpenBSD current</a> and the
  <a href=stable.html>patch branch</a>.
  
***************
*** 784,790 ****
  <a name="37"></a>
  
  <h3><font color="#e00000">OpenBSD 3.7 Security Advisories</font></h3>
! These are the OpenBSD 3.7 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.7 is no longer being maintained,
  you should update your machine.
--- 784,790 ----
  <a name="37"></a>
  
  <h3><font color="#e00000">OpenBSD 3.7 Security Advisories</font></h3>
! These are the OpenBSD 3.7 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.7 is no longer being maintained,
  you should update your machine.
***************
*** 823,829 ****
  <a name="36"></a>
  
  <h3><font color="#e00000">OpenBSD 3.6 Security Advisories</font></h3>
! These are the OpenBSD 3.6 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.6 is no longer being maintained,
  you should update your machine.
--- 823,829 ----
  <a name="36"></a>
  
  <h3><font color="#e00000">OpenBSD 3.6 Security Advisories</font></h3>
! These are the OpenBSD 3.6 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.6 is no longer being maintained,
  you should update your machine.
***************
*** 865,871 ****
  <a name="35"></a>
  
  <h3><font color="#e00000">OpenBSD 3.5 Security Advisories</font></h3>
! These are the OpenBSD 3.5 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.5 is no longer being maintained,
  you should update your machine.
--- 865,871 ----
  <a name="35"></a>
  
  <h3><font color="#e00000">OpenBSD 3.5 Security Advisories</font></h3>
! These are the OpenBSD 3.5 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.5 is no longer being maintained,
  you should update your machine.
***************
*** 916,922 ****
  	to the possibility of principal impersonation from other
  	Kerberos realms if they	are trusted with a cross-realm trust.</a>
  <li><a href="errata35.html#xdm"> May 26, 2004:
! 	xdm(1) ignores the requestPort resource and creates a 
          listening socket regardless of the setting in xdm-config.</a>
  <li><a href="errata35.html#cvs2"> May 20, 2004:
  	A buffer overflow in the cvs(1) server has been found,
--- 916,922 ----
  	to the possibility of principal impersonation from other
  	Kerberos realms if they	are trusted with a cross-realm trust.</a>
  <li><a href="errata35.html#xdm"> May 26, 2004:
! 	xdm(1) ignores the requestPort resource and creates a
          listening socket regardless of the setting in xdm-config.</a>
  <li><a href="errata35.html#cvs2"> May 20, 2004:
  	A buffer overflow in the cvs(1) server has been found,
***************
*** 936,942 ****
  <a name="34"></a>
  
  <h3><font color="#e00000">OpenBSD 3.4 Security Advisories</font></h3>
! These are the OpenBSD 3.4 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.4 is no longer being maintained,
  you should update your machine.
--- 936,942 ----
  <a name="34"></a>
  
  <h3><font color="#e00000">OpenBSD 3.4 Security Advisories</font></h3>
! These are the OpenBSD 3.4 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.4 is no longer being maintained,
  you should update your machine.
***************
*** 1009,1015 ****
  <a name="33"></a>
  
  <h3><font color="#e00000">OpenBSD 3.3 Security Advisories</font></h3>
! These are the OpenBSD 3.3 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.3 is no longer being maintained,
  you should update your machine.
--- 1009,1015 ----
  <a name="33"></a>
  
  <h3><font color="#e00000">OpenBSD 3.3 Security Advisories</font></h3>
! These are the OpenBSD 3.3 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.3 is no longer being maintained,
  you should update your machine.
***************
*** 1040,1054 ****
          Several message handling flaws in isakmpd(8) have been reported
          by Thomas Walpuski.</a>
  <li><a href="errata33.html#ibcs2">November 17, 2003:
! 	It may be possible for a local user to execute arbitrary code 
! 	resulting in escalation of privileges due to a stack overrun 
  	in compat_ibcs2(8).</a>
  <li><a href="errata33.html#asn1">October 1, 2003:
  	The use of certain ASN.1 encodings or malformed public keys may
  	allow an attacker to mount a denial of service attack against
  	applications linked with ssl(3).</a>
  <li><a href="errata33.html#pfnorm">September 24, 2003:
! 	Access of freed memory in pf(4) could be used to 
  	remotely panic a machine using scrub rules.</a>
  <li><a href="errata33.html#sendmail">September 17, 2003:
  	A buffer overflow in the address parsing in
--- 1040,1054 ----
          Several message handling flaws in isakmpd(8) have been reported
          by Thomas Walpuski.</a>
  <li><a href="errata33.html#ibcs2">November 17, 2003:
! 	It may be possible for a local user to execute arbitrary code
! 	resulting in escalation of privileges due to a stack overrun
  	in compat_ibcs2(8).</a>
  <li><a href="errata33.html#asn1">October 1, 2003:
  	The use of certain ASN.1 encodings or malformed public keys may
  	allow an attacker to mount a denial of service attack against
  	applications linked with ssl(3).</a>
  <li><a href="errata33.html#pfnorm">September 24, 2003:
! 	Access of freed memory in pf(4) could be used to
  	remotely panic a machine using scrub rules.</a>
  <li><a href="errata33.html#sendmail">September 17, 2003:
  	A buffer overflow in the address parsing in
***************
*** 1073,1079 ****
  <a name="32"></a>
  
  <h3><font color="#e00000">OpenBSD 3.2 Security Advisories</font></h3>
! These are the OpenBSD 3.2 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.2 is no longer being maintained,
  you should update your machine.
--- 1073,1079 ----
  <a name="32"></a>
  
  <h3><font color="#e00000">OpenBSD 3.2 Security Advisories</font></h3>
! These are the OpenBSD 3.2 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.2 is no longer being maintained,
  you should update your machine.
***************
*** 1084,1090 ****
  	allow an attacker to mount a denial of service attack against
  	applications linked with ssl(3).  This does not affect OpenSSH.</a>
  <li><a href="errata32.html#pfnorm">September 24, 2003:
! 	Access of freed memory in pf(4) could be used to 
  	remotely panic a machine using scrub rules.</a>
  <li><a href="errata32.html#sendmail4">September 17, 2003:
  	A buffer overflow in the address parsing in
--- 1084,1090 ----
  	allow an attacker to mount a denial of service attack against
  	applications linked with ssl(3).  This does not affect OpenSSH.</a>
  <li><a href="errata32.html#pfnorm">September 24, 2003:
! 	Access of freed memory in pf(4) could be used to
  	remotely panic a machine using scrub rules.</a>
  <li><a href="errata32.html#sendmail4">September 17, 2003:
  	A buffer overflow in the address parsing in
***************
*** 1123,1129 ****
  	numbers as part of the file handle.</a>
  <li><a href="errata32.html#ssl">February 22, 2003:
  	In ssl(8) an information leak can occur via timing by performing
! 	a MAC computation even if incorrect block cipher padding has 
  	been found, this is a countermeasure. Also, check for negative
  	sizes, in allocation routines.</a>
  <li><a href="errata32.html#cvs">January 20, 2003:
--- 1123,1129 ----
  	numbers as part of the file handle.</a>
  <li><a href="errata32.html#ssl">February 22, 2003:
  	In ssl(8) an information leak can occur via timing by performing
! 	a MAC computation even if incorrect block cipher padding has
  	been found, this is a countermeasure. Also, check for negative
  	sizes, in allocation routines.</a>
  <li><a href="errata32.html#cvs">January 20, 2003:
***************
*** 1153,1160 ****
  <a name="31"></a>
  
  <h3><font color="#e00000">OpenBSD 3.1 Security Advisories</font></h3>
! These are the OpenBSD 3.1 advisories -- all these problems are solved 
! in <a href="anoncvs.html">OpenBSD current</a>. The 
  <a href="stable.html">patch branch</a> for 3.1 is no longer being maintained,
  you should update your machine.
  
--- 1153,1160 ----
  <a name="31"></a>
  
  <h3><font color="#e00000">OpenBSD 3.1 Security Advisories</font></h3>
! These are the OpenBSD 3.1 advisories -- all these problems are solved
! in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.1 is no longer being maintained,
  you should update your machine.
  
***************
*** 1180,1186 ****
  	sendmail(8) may allow an attacker to gain root privileges.</a>
  <li><a href="errata31.html#ssl2">February 23, 2003:
  	In ssl(8) an information leak can occur via timing by performing
! 	a MAC computation even if incorrect block cipher padding has 
  	been found, this is a countermeasure. Also, check for negative
  	sizes, in allocation routines.</a>
  <li><a href="errata31.html#cvs">January 20, 2003:
--- 1180,1186 ----
  	sendmail(8) may allow an attacker to gain root privileges.</a>
  <li><a href="errata31.html#ssl2">February 23, 2003:
  	In ssl(8) an information leak can occur via timing by performing
! 	a MAC computation even if incorrect block cipher padding has
  	been found, this is a countermeasure. Also, check for negative
  	sizes, in allocation routines.</a>
  <li><a href="errata31.html#cvs">January 20, 2003:
***************
*** 1258,1264 ****
  <a name="30"></a>
  
  <h3><font color="#e00000">OpenBSD 3.0 Security Advisories</font></h3>
! These are the OpenBSD 3.0 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.0 is no longer being maintained,
  you should update your machine.
--- 1258,1264 ----
  <a name="30"></a>
  
  <h3><font color="#e00000">OpenBSD 3.0 Security Advisories</font></h3>
! These are the OpenBSD 3.0 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a> for 3.0 is no longer being maintained,
  you should update your machine.
***************
*** 1368,1375 ****
  <a name="29"></a>
  
  <h3><font color="#e00000">OpenBSD 2.9 Security Advisories</font></h3>
! These are the OpenBSD 2.9 advisories -- all these problems are solved 
! in <a href="anoncvs.html">OpenBSD current</a>. The 
  <a href="stable.html">patch branch</a>. for 2.9 is no longer being maintained,
  you should update your machine.
  
--- 1368,1375 ----
  <a name="29"></a>
  
  <h3><font color="#e00000">OpenBSD 2.9 Security Advisories</font></h3>
! These are the OpenBSD 2.9 advisories -- all these problems are solved
! in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a>. for 2.9 is no longer being maintained,
  you should update your machine.
  
***************
*** 1447,1454 ****
  <a name="28"></a>
  
  <h3><font color="#e00000">OpenBSD 2.8 Security Advisories</font></h3>
! These are the OpenBSD 2.8 advisories -- all these problems are solved 
! in <a href="anoncvs.html">OpenBSD current</a>. The 
  <a href="stable.html">patch branch</a>. for 2.8 is no longer being maintained,
  you should update your machine.
  
--- 1447,1454 ----
  <a name="28"></a>
  
  <h3><font color="#e00000">OpenBSD 2.8 Security Advisories</font></h3>
! These are the OpenBSD 2.8 advisories -- all these problems are solved
! in <a href="anoncvs.html">OpenBSD current</a>. The
  <a href="stable.html">patch branch</a>. for 2.8 is no longer being maintained,
  you should update your machine.
  
***************
*** 1507,1513 ****
  <a name="27"></a>
  
  <h3><font color="#e00000">OpenBSD 2.7 Security Advisories</font></h3>
! These are the OpenBSD 2.7 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>.  Obviously, all the
  OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7.
  
--- 1507,1513 ----
  <a name="27"></a>
  
  <h3><font color="#e00000">OpenBSD 2.7 Security Advisories</font></h3>
! These are the OpenBSD 2.7 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>.  Obviously, all the
  OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7.
  
***************
*** 1526,1532 ****
  	X11 libraries have 2 potential overflows in xtrans code.
  	(patch included)</a>
  <li><a href="errata27.html#httpd">Oct 18, 2000:
! 	Apache mod_rewrite and mod_vhost_alias modules could expose files 
  	on the server in certain configurations if used.
  	(patch included)</a>
  <li><a href="errata27.html#telnetd">Oct 10, 2000:
--- 1526,1532 ----
  	X11 libraries have 2 potential overflows in xtrans code.
  	(patch included)</a>
  <li><a href="errata27.html#httpd">Oct 18, 2000:
! 	Apache mod_rewrite and mod_vhost_alias modules could expose files
  	on the server in certain configurations if used.
  	(patch included)</a>
  <li><a href="errata27.html#telnetd">Oct 10, 2000:
***************
*** 1590,1596 ****
  <li><a href="errata27.html#ipf">May 25, 2000:
  	Improper use of ipf <i>keep-state</i> rules can result
  	in firewall rules being bypassed. (patch included)</a>
! 	
  </ul>
  
  <p>
--- 1590,1596 ----
  <li><a href="errata27.html#ipf">May 25, 2000:
  	Improper use of ipf <i>keep-state</i> rules can result
  	in firewall rules being bypassed. (patch included)</a>
! 
  </ul>
  
  <p>
***************
*** 1598,1604 ****
  <a name="26"></a>
  
  <h3><font color="#e00000">OpenBSD 2.6 Security Advisories</font></h3>
! These are the OpenBSD 2.6 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>.  Obviously, all the
  OpenBSD 2.5 advisories listed below are fixed in OpenBSD 2.6.
  
--- 1598,1604 ----
  <a name="26"></a>
  
  <h3><font color="#e00000">OpenBSD 2.6 Security Advisories</font></h3>
! These are the OpenBSD 2.6 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>.  Obviously, all the
  OpenBSD 2.5 advisories listed below are fixed in OpenBSD 2.6.
  
***************
*** 1610,1623 ****
  <li><a href="errata26.html#ipf">May 25, 2000:
  	Improper use of ipf <i>keep-state</i> rules can result
  	in firewall rules being bypassed. (patch included)</a>
! <li><a href="errata26.html#xlockmore">May 25, 2000: 
  	xlockmore has a bug which a localhost attacker can use to gain
  	access to the encrypted root password hash (which is normally
  	encoded using blowfish</a> (see
  	<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypt&amp;sektion=3">
  	crypt(3)</a>)
  	(patch included).
! <li><a href="errata26.html#procfs">Jan 20, 2000: 
  	Systems running with procfs enabled and mounted are
  	vulnerable to a very tricky exploit.  procfs is not
  	mounted by default.
--- 1610,1623 ----
  <li><a href="errata26.html#ipf">May 25, 2000:
  	Improper use of ipf <i>keep-state</i> rules can result
  	in firewall rules being bypassed. (patch included)</a>
! <li><a href="errata26.html#xlockmore">May 25, 2000:
  	xlockmore has a bug which a localhost attacker can use to gain
  	access to the encrypted root password hash (which is normally
  	encoded using blowfish</a> (see
  	<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypt&amp;sektion=3">
  	crypt(3)</a>)
  	(patch included).
! <li><a href="errata26.html#procfs">Jan 20, 2000:
  	Systems running with procfs enabled and mounted are
  	vulnerable to a very tricky exploit.  procfs is not
  	mounted by default.
***************
*** 1636,1642 ****
  	(patch included).<br></a>
  	<strong>Update:</strong> Turns out that this was not exploitable
  	in any of the software included in OpenBSD 2.6.
! <li><a href="errata26.html#ifmedia">Nov 9, 1999: 
  	Any user could change interface media configurations, resulting in
  	a localhost denial of service attack.
  	(patch included).</a>
--- 1636,1642 ----
  	(patch included).<br></a>
  	<strong>Update:</strong> Turns out that this was not exploitable
  	in any of the software included in OpenBSD 2.6.
! <li><a href="errata26.html#ifmedia">Nov 9, 1999:
  	Any user could change interface media configurations, resulting in
  	a localhost denial of service attack.
  	(patch included).</a>
***************
*** 1647,1659 ****
  <a name="25"></a>
  
  <h3><font color="#e00000">OpenBSD 2.5 Security Advisories</font></h3>
! These are the OpenBSD 2.5 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>.  Obviously, all the
  OpenBSD 2.4 advisories listed below are fixed in OpenBSD 2.5.
  
  <p>
  <ul>
! <li><a href="errata25.html#cron">Aug 30, 1999: 
  	In cron(8), make sure argv[] is NULL terminated in the
  	fake popen() and run sendmail as the user, not as root.
  	(patch included).</a>
--- 1647,1659 ----
  <a name="25"></a>
  
  <h3><font color="#e00000">OpenBSD 2.5 Security Advisories</font></h3>
! These are the OpenBSD 2.5 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>.  Obviously, all the
  OpenBSD 2.4 advisories listed below are fixed in OpenBSD 2.5.
  
  <p>
  <ul>
! <li><a href="errata25.html#cron">Aug 30, 1999:
  	In cron(8), make sure argv[] is NULL terminated in the
  	fake popen() and run sendmail as the user, not as root.
  	(patch included).</a>
***************
*** 1682,1688 ****
  <a name="24"></a>
  
  <h3><font color="#e00000">OpenBSD 2.4 Security Advisories</font></h3>
! These are the OpenBSD 2.4 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>.  Obviously, all the
  OpenBSD 2.3 advisories listed below are fixed in OpenBSD 2.4.
  
--- 1682,1688 ----
  <a name="24"></a>
  
  <h3><font color="#e00000">OpenBSD 2.4 Security Advisories</font></h3>
! These are the OpenBSD 2.4 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>.  Obviously, all the
  OpenBSD 2.3 advisories listed below are fixed in OpenBSD 2.4.
  
***************
*** 1699,1705 ****
  <li><a href="errata24.html#ping">Feb 23, 1999: Yet another buffer overflow
  	existed in ping(8). (patch included).</a>
  <li><a href="errata24.html#ipqrace">Feb 19, 1999: ipintr() had a race in use of
! 	the ipq, which could permit an attacker to cause a crash. 
  	(patch included).</a>
  <li><a href="errata24.html#accept">Feb 17, 1999: A race condition in the
  	kernel between accept(2) and select(2) could permit an attacker
--- 1699,1705 ----
  <li><a href="errata24.html#ping">Feb 23, 1999: Yet another buffer overflow
  	existed in ping(8). (patch included).</a>
  <li><a href="errata24.html#ipqrace">Feb 19, 1999: ipintr() had a race in use of
! 	the ipq, which could permit an attacker to cause a crash.
  	(patch included).</a>
  <li><a href="errata24.html#accept">Feb 17, 1999: A race condition in the
  	kernel between accept(2) and select(2) could permit an attacker
***************
*** 1727,1733 ****
  <a name="23"></a>
  
  <h3><font color="#e00000">OpenBSD 2.3 Security Advisories</font></h3>
! These are the OpenBSD 2.3 advisories -- all these problems are solved 
  in <a href="anoncvs.html">OpenBSD current</a>.  Obviously, all the
  OpenBSD 2.2 advisories listed below are fixed in OpenBSD 2.3.
  
--- 1727,1733 ----
  <a name="23"></a>
  
  <h3><font color="#e00000">OpenBSD 2.3 Security Advisories</font></h3>
! These are the OpenBSD 2.3 advisories -- all these problems are solved
  in <a href="anoncvs.html">OpenBSD current</a>.  Obviously, all the
  OpenBSD 2.2 advisories listed below are fixed in OpenBSD 2.3.
  
***************
*** 1829,1835 ****
  <p>
  <ul>
  <li><a href="advisories/res_random.txt">April 22, 1997: Predictable IDs in the
! 	resolver (patch included)</a> 
  <li>Many others... if people can hunt them down, please let me know
  	and we'll put them up here.
  </ul>
--- 1829,1835 ----
  <p>
  <ul>
  <li><a href="advisories/res_random.txt">April 22, 1997: Predictable IDs in the
! 	resolver (patch included)</a>
  <li>Many others... if people can hunt them down, please let me know
  	and we'll put them up here.
  </ul>
***************
*** 1875,1881 ****
  	transition between major releases.
  <li>Install a binary snapshot for your
  	architecture, which are made available fairly often.  For
! 	instance, an i386 snapshot is typically made available weekly. 
  </ul>
  
  <p>
--- 1875,1881 ----
  	transition between major releases.
  <li>Install a binary snapshot for your
  	architecture, which are made available fairly often.  For
! 	instance, an i386 snapshot is typically made available weekly.
  </ul>
  
  <p>