version 1.20, 1998/02/20 21:44:08 |
version 1.21, 1998/02/21 15:49:58 |
|
|
<li><a href=/errata.html#mmap>Read-write mmap() flaw (patch included)</a> |
<li><a href=/errata.html#mmap>Read-write mmap() flaw (patch included)</a> |
</ul> |
</ul> |
|
|
|
|
|
<p> |
|
<h3><font color=#e00000><strong>Watching our Security Changes</strong></font></h3> |
|
Since we take a proactive stance with security, we are continually |
|
finding and fixing new security problems. Not all of these problems |
|
get widely reported because (as stated earlier) many of them are not |
|
confirmed to be exploitable. We do not have the time resources to |
|
make these changes available in the above format.<p> |
|
|
|
Thus there are usually minor security fixes in the current source code |
|
beyond the previous major OpenBSD release. We make a limited |
|
gaurantee that these problems are of limited impact and unproven |
|
exploitability. If we discover a problem definately matters for |
|
security, patches will show up here quickly.<p> |
|
|
|
People who are really concerned with critical |
|
security can do a number of things:<p> |
|
|
|
<ul> |
|
<li>If you understand security issues, watch our |
|
<a href=/mail.html>source-changes mailing list</a> and keep an |
|
eye out for things which appear security changes. Since |
|
exploitability is not proven for many of the fixes we make, |
|
do not expect the relevant commit message to say "SECURITY FIX!". |
|
If a problem is proven and serious, a patch will be available |
|
here very shortly after. |
|
<li>Track our current source code tree, and teach yourself how to do a |
|
complete system build from time to time. Make the assumption |
|
that the current source tree always has stronger security. |
|
<li>Install a binary <a href=/snapshots.html>snapshots</a>, which are |
|
made available fairly often. |
|
</ul> |
|
|
<p> |
<p> |
<h3><font color=#e00000><strong>Other Resources</strong></font></h3> |
<h3><font color=#e00000><strong>Other Resources</strong></font></h3> |
Other security advisories that have (in the past) affected OpenBSD can |
Other security advisories that have (in the past) affected OpenBSD can |