version 1.123, 2000/01/20 17:49:33 |
version 1.124, 2000/05/23 20:58:20 |
|
|
<p> |
<p> |
</td> |
</td> |
<td valign="top"> |
<td valign="top"> |
|
<a href="#27">For 2.7 security advisories</a>.<br> |
<a href="#26">For 2.6 security advisories</a>.<br> |
<a href="#26">For 2.6 security advisories</a>.<br> |
<a href="#25">For 2.5 security advisories</a>.<br> |
<a href="#25">For 2.5 security advisories</a>.<br> |
<a href="#24">For 2.4 security advisories</a>.<br> |
<a href="#24">For 2.4 security advisories</a>.<br> |
|
|
<dl> |
<dl> |
|
|
<li> |
<li> |
|
<a name=27></a> |
|
|
|
<h3><font color=#e00000>OpenBSD 2.7 Security Advisories</font></h3> |
|
These are the OpenBSD 2.7 advisories -- all these problems are solved |
|
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
|
OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7. |
|
|
|
<p> |
|
<ul> |
|
<li>No 2.7 security advisories yet. |
|
</ul> |
|
|
|
<p> |
|
<li> |
<a name=26></a> |
<a name=26></a> |
|
|
<h3><font color=#e00000>OpenBSD 2.6 Security Advisories</font></h3> |
<h3><font color=#e00000>OpenBSD 2.6 Security Advisories</font></h3> |
|
|
A buffer overflow in the RSAREF code included in the |
A buffer overflow in the RSAREF code included in the |
USA version of libssl, is possibly exploitable in |
USA version of libssl, is possibly exploitable in |
httpd, ssh, or isakmpd, if SSL/RSA features are enabled. |
httpd, ssh, or isakmpd, if SSL/RSA features are enabled. |
(patch included).</a> |
(patch included).<br></a> |
|
<strong>Update:</strong> Turns out that this was not exploitable |
|
in any of the software included in OpenBSD 2.6. |
<li><a href=errata.html#sendmail>Dec 4, 1999: |
<li><a href=errata.html#sendmail>Dec 4, 1999: |
Sendmail permitted any user to cause a aliases file wrap, |
Sendmail permitted any user to cause a aliases file wrap, |
thus exposing the system to a race where the aliases file |
thus exposing the system to a race where the aliases file |