===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.123
retrieving revision 1.124
diff -u -r1.123 -r1.124
--- www/security.html 2000/01/20 17:49:33 1.123
+++ www/security.html 2000/05/23 20:58:20 1.124
@@ -35,6 +35,7 @@
+For 2.7 security advisories.
For 2.6 security advisories.
For 2.5 security advisories.
For 2.4 security advisories.
@@ -180,6 +181,20 @@
+
+
+OpenBSD 2.7 Security Advisories
+These are the OpenBSD 2.7 advisories -- all these problems are solved
+in OpenBSD current. Obviously, all the
+OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7.
+
+
+
+- No 2.7 security advisories yet.
+
+
+
+
OpenBSD 2.6 Security Advisories
@@ -201,7 +216,9 @@
A buffer overflow in the RSAREF code included in the
USA version of libssl, is possibly exploitable in
httpd, ssh, or isakmpd, if SSL/RSA features are enabled.
- (patch included).
+ (patch included).
+ Update: Turns out that this was not exploitable
+ in any of the software included in OpenBSD 2.6.
Dec 4, 1999:
Sendmail permitted any user to cause a aliases file wrap,
thus exposing the system to a race where the aliases file
@@ -495,7 +512,7 @@
www@openbsd.org
-$OpenBSD: security.html,v 1.123 2000/01/20 17:49:33 deraadt Exp $
+$OpenBSD: security.html,v 1.124 2000/05/23 20:58:20 deraadt Exp $
|