www/security.html - diff

Return to security.html CVS log

Up to [local] / www

version 1.372, 2009/02/22 22:09:38

version 1.373, 2009/04/08 02:44:22

Line 230

<li><h3><font color="#e00000">Advisories</font></h3><p>

<li>

<h3><font color="#e00000">OpenBSD 4.5 Security Advisories</font></h3>

These are the OpenBSD 4.5 advisories -- all these problems are solved

in <a href=anoncvs.html>OpenBSD current</a> and the

<a href=stable.html>patch branch</a>.

<p>

<ul>

<li><a href="errata45.html#001_openssl">April 8, 2009:

OpenSSL's ASN.1 handling code could be forced to make invalid

memory accesses by certain invalid strings or structures, allowing

denial-of-service attacks.</a>

</ul>

<li>

<h3><font color="#e00000">OpenBSD 4.4 Security Advisories</font></h3>

Line 239

Line 255

<p>

<ul>

<li><a href="errata44.html#012_openssl">April 8, 2009:

OpenSSL's ASN.1 handling code could be forced to make invalid

memory accesses by certain invalid strings or structures, allowing

denial-of-service attacks.</a>

<li><a href="errata44.html#011_sudo">February 22, 2009:

sudo(8) may allow a user listed in sudoers to run a command

as a different user than their access rule specifies when a Unix

Line 265

Line 285

<p>

<ul>

<li><a href="errata43.html#012_openssl">April 8, 2009:

OpenSSL's ASN.1 handling code could be forced to make invalid

memory accesses by certain invalid strings or structures, allowing

denial-of-service attacks.</a>

<li><a href="errata43.html#011_sudo">February 22, 2009:

sudo(8) may allow a user listed in sudoers to run a command

as a different user than their access rule specifies when a Unix