version 1.260, 2003/10/05 22:14:49 |
version 1.261, 2003/10/24 22:12:41 |
|
|
<a href="#30">3.0</a>, |
<a href="#30">3.0</a>, |
<a href="#31">3.1</a>, |
<a href="#31">3.1</a>, |
<a href="#32">3.2</a>, |
<a href="#32">3.2</a>, |
<a href="#33">3.3</a>. |
<a href="#33">3.3</a>, |
|
<a href="#34">3.4</a>. |
</td> |
</td> |
</tr> |
</tr> |
</table> |
</table> |
|
|
<dl> |
<dl> |
|
|
<li> |
<li> |
|
<a name=34></a> |
|
|
|
<h3><font color=#e00000>OpenBSD 3.4 Security Advisories</font></h3> |
|
These are the OpenBSD 3.4 advisories -- all these problems are solved |
|
in <a href=anoncvs.html>OpenBSD current</a> and the |
|
<a href=stable.html>patch branch</a>. |
|
|
|
<p> |
|
<ul> |
|
<li>None yet. |
|
</ul> |
|
|
|
<p> |
|
<li> |
<a name=33></a> |
<a name=33></a> |
|
|
<h3><font color=#e00000>OpenBSD 3.3 Security Advisories</font></h3> |
<h3><font color=#e00000>OpenBSD 3.3 Security Advisories</font></h3> |
|
|
|
|
<p> |
<p> |
<ul> |
<ul> |
<li><a href=errata.html#asn1>October 1, 2003: |
<li><a href=errata33.html#asn1>October 1, 2003: |
The use of certain ASN.1 encodings or malformed public keys may |
The use of certain ASN.1 encodings or malformed public keys may |
allow an attacker to mount a denial of service attack against |
allow an attacker to mount a denial of service attack against |
applications linked with ssl(3).</a> |
applications linked with ssl(3).</a> |
<li><a href=errata.html#pfnorm>September 24, 2003: |
<li><a href=errata33.html#pfnorm>September 24, 2003: |
Access of freed memory in pf(4) could be used to |
Access of freed memory in pf(4) could be used to |
remotely panic a machine using scrub rules.</a> |
remotely panic a machine using scrub rules.</a> |
<li><a href=errata.html#sendmail>September 17, 2003: |
<li><a href=errata33.html#sendmail>September 17, 2003: |
A buffer overflow in the address parsing in |
A buffer overflow in the address parsing in |
sendmail(8) may allow an attacker to gain root privileges.</a> |
sendmail(8) may allow an attacker to gain root privileges.</a> |
<li><a href=errata.html#sshbuffer>September 16, 2003: |
<li><a href=errata33.html#sshbuffer>September 16, 2003: |
OpenSSH versions prior to 3.7 contains a buffer management error |
OpenSSH versions prior to 3.7 contains a buffer management error |
that is potentially exploitable.</a> |
that is potentially exploitable.</a> |
<li><a href=errata.html#sysvsem>September 10, 2003: |
<li><a href=errata33.html#sysvsem>September 10, 2003: |
Root may be able to reduce the security level by taking advantage of |
Root may be able to reduce the security level by taking advantage of |
an integer overflow when the semaphore limits are made very large.</a> |
an integer overflow when the semaphore limits are made very large.</a> |
<li><a href=errata.html#semget>August 20, 2003: |
<li><a href=errata33.html#semget>August 20, 2003: |
An improper bounds check in the kernel may allow a local user |
An improper bounds check in the kernel may allow a local user |
to panic the kernel.</a> |
to panic the kernel.</a> |
<li><a href=errata.html#realpath>August 4, 2003: |
<li><a href=errata33.html#realpath>August 4, 2003: |
An off-by-one error exists in the C library function realpath(3) |
An off-by-one error exists in the C library function realpath(3) |
may allow an attacker to gain escalated privileges.</a> |
may allow an attacker to gain escalated privileges.</a> |
</ul> |
</ul> |