
Diff for /www/security.html between version 1.123 and 1.124

version 1.123, 2000/01/20 17:49:33 version 1.124, 2000/05/23 20:58:20
Line 35 
Line 35 
 <p>  <p>
 </td>  </td>
 <td valign="top">  <td valign="top">
   <a href="#27">For 2.7 security advisories</a>.<br>
 <a href="#26">For 2.6 security advisories</a>.<br>  <a href="#26">For 2.6 security advisories</a>.<br>
 <a href="#25">For 2.5 security advisories</a>.<br>  <a href="#25">For 2.5 security advisories</a>.<br>
 <a href="#24">For 2.4 security advisories</a>.<br>  <a href="#24">For 2.4 security advisories</a>.<br>
Line 180 
Line 181 
 <dl>  <dl>
   
 <li>  <li>
   <a name=27></a>
   
   <h3><font color=#e00000>OpenBSD 2.7 Security Advisories</font></h3>
   These are the OpenBSD 2.7 advisories -- all these problems are solved
   in <a href=anoncvs.html>OpenBSD current</a>.  Obviously, all the
   OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7.
   
   <p>
   <ul>
   <li>No 2.7 security advisories yet.
   </ul>
   
   <p>
   <li>
 <a name=26></a>  <a name=26></a>
   
 <h3><font color=#e00000>OpenBSD 2.6 Security Advisories</font></h3>  <h3><font color=#e00000>OpenBSD 2.6 Security Advisories</font></h3>
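
Review bot: The intro added for 2.7 ("These are the OpenBSD 2.7 advisories -- all these problems are solved in OpenBSD current") sits directly above a list whose only item is "No 2.7 security advisories yet", so the page announces fixes for problems it does not list. Consider holding that sentence back until the first 2.7 advisory exists, or wording it so it also reads correctly for an empty list. Separately, the new attributes name=27, color=#e00000 and href=anoncvs.html are unquoted, while the index link added at line 35 uses href="#27"; quoting them would keep the new markup consistent.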
Line 201 
Line 216 
         A buffer overflow in the RSAREF code included in the          A buffer overflow in the RSAREF code included in the
         USA version of libssl, is possibly exploitable in          USA version of libssl, is possibly exploitable in
         httpd, ssh, or isakmpd, if SSL/RSA features are enabled.          httpd, ssh, or isakmpd, if SSL/RSA features are enabled.
         (patch included).</a>          (patch included).<br></a>
           <strong>Update:</strong> Turns out that this was not exploitable
           in any of the software included in OpenBSD 2.6.
 <li><a href=errata.html#sendmail>Dec 4, 1999:  <li><a href=errata.html#sendmail>Dec 4, 1999:
         Sendmail permitted any user to cause a aliases file wrap,          Sendmail permitted any user to cause a aliases file wrap,
         thus exposing the system to a race where the aliases file          thus exposing the system to a race where the aliases file
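
Review bot: In the changed line "(patch included).<br></a>" the <br> sits inside the link, before the closing </a>; move it after </a> so the line break is not part of the anchor. The added Update says the overflow "was not exploitable in any of the software included in OpenBSD 2.6", but the linked entry just above still reads "is possibly exploitable in httpd, ssh, or isakmpd", so the reader gets two conflicting statements in one item. Consider rewording the original sentence, or having the Update say explicitly that it supersedes the earlier assessment and whether the patch still applies.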
