www/security.html - diff

Return to security.html CVS log

Up to [local] / www

Diff for /www/security.html between version 1.287 and 1.288

version 1.287, 2004/05/26 19:56:42

version 1.288, 2004/05/30 19:49:08

Line 58

<hr>

<ul>

OpenBSD believes in strong security. Our aspiration is to be NUMBER

Line 70

cryptography</a>, we are able to take cryptographic approaches towards

fixing security problems.<p>

<li><h3><font color=#e00000>Full Disclosure</font></h3><p>

Like many readers of the

Line 87

turnaround is possible. Thus we think that full disclosure helps the

people who really care about security.<p>

<li><h3><font color=#e00000>Audit Process</font></h3><p>

Our security auditing team typically has between six and twelve

Line 130

managed such a success is the lpd advisory that Secure Networks put out.

<p>

<li><h3><font color=#e00000>New Technologies</font></h3><p>

As we audit source code, we often invent new ways of solving problems.

Line 190

The auditing process is not over yet, and as you can see we continue

to find and fix new security flaws.<p>

<li><h3><font color=#e00000>"Secure by Default"</font></h3><p>

To ensure that novice users of OpenBSD do not need to become security

Line 206

by default, creating instantaneous security problems for their users

within minutes after their first install.<p>

<li><h3><font color=#e00000>Cryptography</font></h3><p>

And of course, since the OpenBSD project is based in Canada, it is possible

Line 216

<li><h3><font color=#e00000>Advisories</font></h3><p>

<li>

<h3><font color=#e00000>OpenBSD 3.5 Security Advisories</font></h3>

These are the OpenBSD 3.5 advisories -- all these problems are solved

Line 227

<ul>

<li><a href=errata.html#xdm> May 26, 2004:

xdm(1) ignores the requestPort resource and creates a

listening socket regardless of the setting in xdm-config.

listening socket regardless of the setting in xdm-config</a>.

</a>.

<li><a href=errata.html#cvs2> May 20, 2004:

A buffer overflow in the cvs(1) server has been found,

which can be used by CVS clients to execute arbitrary code on

the server.</a>

the server</a>.

<li><a href=errata.html#procfs> May 13, 2004:

Integer overflow problems were found in procfs, allowing

reading of arbitrary kernel memory.</a>

reading of arbitrary kernel memory</a>.

<li><a href=errata.html#cvs> May 5, 2004:

Pathname validation problems have been found in cvs(1),

allowing clients and servers access to files outside the

repository or local CVS tree.</a>

repository or local CVS tree</a>.

</ul>

<p>

<li>

<h3><font color=#e00000>OpenBSD 3.4 Security Advisories</font></h3>

These are the OpenBSD 3.4 advisories -- all these problems are solved

Line 300

Line 299

<br>

<li>

<h3><font color=#e00000>OpenBSD 3.3 Security Advisories</font></h3>

These are the OpenBSD 3.3 advisories -- all these problems are solved

Line 364

Line 363

<p>

<li>

<h3><font color=#e00000>OpenBSD 3.2 Security Advisories</font></h3>

These are the OpenBSD 3.2 advisories -- all these problems are solved

Line 444

Line 443

<p>

<li>

<h3><font color=#e00000>OpenBSD 3.1 Security Advisories</font></h3>

These are the OpenBSD 3.1 advisories -- all these problems are solved

Line 549

Line 548

<p>

<li>

<h3><font color=#e00000>OpenBSD 3.0 Security Advisories</font></h3>

These are the OpenBSD 3.0 advisories -- all these problems are solved

Line 659

Line 658

<p>

<li>

<h3><font color=#e00000>OpenBSD 2.9 Security Advisories</font></h3>

These are the OpenBSD 2.9 advisories -- all these problems are solved

Line 738

Line 737

<p>

<li>

<h3><font color=#e00000>OpenBSD 2.8 Security Advisories</font></h3>

These are the OpenBSD 2.8 advisories -- all these problems are solved

Line 798

Line 797

<p>

<li>

<h3><font color=#e00000>OpenBSD 2.7 Security Advisories</font></h3>

These are the OpenBSD 2.7 advisories -- all these problems are solved

Line 889

Line 888

<p>

<li>

<h3><font color=#e00000>OpenBSD 2.6 Security Advisories</font></h3>

These are the OpenBSD 2.6 advisories -- all these problems are solved

Line 938

Line 937

<p>

<li>

<h3><font color=#e00000>OpenBSD 2.5 Security Advisories</font></h3>

These are the OpenBSD 2.5 advisories -- all these problems are solved

Line 973

Line 972

<p>

<li>

<h3><font color=#e00000>OpenBSD 2.4 Security Advisories</font></h3>

These are the OpenBSD 2.4 advisories -- all these problems are solved

Line 1018

Line 1017

<p>

<li>

<h3><font color=#e00000>OpenBSD 2.3 Security Advisories</font></h3>

These are the OpenBSD 2.3 advisories -- all these problems are solved

Line 1054

Line 1053

<p>

<li>

<h3><font color=#e00000>OpenBSD 2.2 Security Advisories</font></h3>

These are the OpenBSD 2.2 advisories. All these problems are solved

Line 1089

Line 1088

<p>

<li>

<h3><font color=#e00000>OpenBSD 2.1 Security Advisories</font></h3>

These are the OpenBSD 2.1 advisories. All these problems are solved

Line 1111

Line 1110

<p>

<li>

<h3><font color=#e00000>OpenBSD 2.0 Security Advisories</font></h3>

These are the OpenBSD 2.0 advisories. All these problems are solved

Line 1131

Line 1130

</dl>

<p>

<li><h3><font color=#e00000>Watching our Changes</font></h3><p>

Since we take a proactive stance with security, we are continually

Line 1175

Line 1174

</ul>

<p>

<li><h3><font color=#e00000>Reporting problems</font></h3><p>

<p> If you find a new security problem, you can mail it to

Line 1185

Line 1184

urgent, since it is inconvenient) use this <a href="advisories/pgpkey.txt">pgp key</a>.

<p>

<li><h3><font color=#e00000>Further Reading</font></h3><p>

A number of papers have been written by OpenBSD team members, about security