NetBSD Security Officer | 8 Mar 13:18 2011

NetBSD Security Advisory 2011-002: OpenSSL TLS extension parsing race condition


		 NetBSD Security Advisory 2011-002
		 =================================

Topic:		OpenSSL TLS extension parsing race condition.

Version:	NetBSD-current:		source prior to February 11, 2011
		NetBSD 5.0.*:		affected
		NetBSD 5.0:		affected
		NetBSD 5.1:		affected
		NetBSD 4.0.*:		not affected
		NetBSD 4.0:		not affected
		pkgsrc:			openssl package prior to 0.9.8qnb1

Severity:	Denial of Service and potential Information Disclosure

Fixed:		NetBSD-current:		February 11, 2011
		NetBSD-5-0 branch:	February 17, 2011
		NetBSD-5-1 branch:	February 17, 2011
		NetBSD-5 branch:	February 17, 2011
		pkgsrc 2010Q4:		openssl-0.9.8qnb1 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.

NetBSD Security Officer | 8 Mar 13:19 2011

NetBSD Security Advisory 2011-003: Exhausting kernel memory from user controlled value


		 NetBSD Security Advisory 2011-003
		 =================================

Topic:		Exhausting kernel memory from user controlled value

Version:	NetBSD-current:		source prior to March 4th, 2011
		NetBSD 5.0.*:		affected
		NetBSD 5.0:		affected
		NetBSD 5.1:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected

Severity:	local DOS

Fixed:		NetBSD-current:		March 4th, 2011
		NetBSD-5-0 branch:	March 7th, 2011
		NetBSD-5-1 branch:	March 7th, 2011
		NetBSD-5 branch:	March 7th, 2011
		NetBSD-4-0 branch:	March 7th, 2011
		NetBSD-4 branch:	March 7th, 2011

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

Kernel memory can be exhausted by a specially crafted program.
This may cause a panic.