NetBSD Security Officer | 13 Jan 2010 12:38

NetBSD Security Advisory 2010-001: File system module autoloading Denial of Service attack


		 NetBSD Security Advisory 2010-001
		 =================================

Topic:		File system module autoloading Denial of Service attack

Version:	NetBSD-current:		affected prior to 2009-12-19 20:28:27 UTC
		NetBSD 5.0.1:		affected
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		not affected
		NetBSD 4.0:		not affected

Severity:	Local Denial of Service

Fixed:		NetBSD-current:		Dec 19, 2009
		NetBSD-5-0 branch:	Dec 21, 2009
		NetBSD-5 branch:	Dec 21, 2009

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

A coding error in the NetBSD VFS code allows a local attacker to
crash the local system by passing a soon-to-be-unmapped pointer
as a file system name to the mount system call.

Technical Details
=================

NetBSD Security Officer | 13 Jan 2010 12:39

NetBSD Security Advisory 2010-002: OpenSSL TLS renegotiation man in the middle vulnerability


		 NetBSD Security Advisory 2010-002
		 =================================

Topic:		OpenSSL TLS renegotiation man in the middle vulnerability

Version:	NetBSD-current:		affected prior to 2009-12-04
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			openssl package prior to x.y.z

Severity:	Information disclosure

Fixed:		NetBSD-current:		Dec 03, 2009
		NetBSD-5-0 branch:	Jan 12, 2010
		NetBSD-5 branch:	Jan 12, 2010
		NetBSD-4-0 branch:	Jan 12, 2010
		NetBSD-4 branch:	Jan 12, 2010
		pkgsrc 2009Q4:		openssl-0.9.8l corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

An error in the OpenSSL TLS session renegotiation allows a remote
attacker to intercept communication and conduct a Man-in-the-Middle
attack on TLS sessions.

