Technical discussion regarding security issues in NetBSD

NetBSD Security Officer | 8 Mar 2011 13:18

NetBSD Security Advisory 2011-002: OpenSSL TLS extension parsing race condition


		 NetBSD Security Advisory 2011-002
		 =================================

Topic:		OpenSSL TLS extension parsing race condition.

Version:	NetBSD-current:		source prior to February 11, 2011
		NetBSD 5.0.*:		affected
		NetBSD 5.0:		affected
		NetBSD 5.1:		affected
		NetBSD 4.0.*:		not affected
		NetBSD 4.0:		not affected
		pkgsrc:			openssl package prior to 0.9.8qnb1

Severity:	Denial of Service and potential Information Disclosure

Fixed:		NetBSD-current:		February 11, 2011
		NetBSD-5-0 branch:	February 17, 2011
		NetBSD-5-1 branch:	February 17, 2011
		NetBSD-5 branch:	February 17, 2011
		pkgsrc 2010Q4:		openssl-0.9.8qnb1 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.

(Continue reading)

headers

NetBSD Security Officer | 8 Mar 2011 13:19

NetBSD Security Advisory 2011-003: Exhausting kernel memory from user controlled value


		 NetBSD Security Advisory 2011-003
		 =================================

Topic:		Exhausting kernel memory from user controlled value

Version:	NetBSD-current:		source prior to March 4th, 2011
		NetBSD 5.0.*:		affected
		NetBSD 5.0:		affected
		NetBSD 5.1:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected

Severity:	local DOS

Fixed:		NetBSD-current:		March 4th, 2011
		NetBSD-5-0 branch:	March 7th, 2011
		NetBSD-5-1 branch:	March 7th, 2011
		NetBSD-5 branch:	March 7th, 2011
		NetBSD-4-0 branch:	March 7th, 2011
		NetBSD-4 branch:	March 7th, 2011

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

Kernel memory can be exhausted by a specially crafted program.
This may cause a panic.

(Continue reading)


Mon	Tue	Wed	Thu	Fri	Sat	Sun
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Mon

Tue

Wed

Thu

Fri

Sat

Sun

13	June 2013
3	May 2013
6	April 2013
3	March 2013
6	February 2013
16	January 2013
6	December 2012
28	November 2012
6	October 2012
4	September 2012
2	August 2012
20	July 2012
12	June 2012
4	May 2012
4	April 2012
10	March 2012
16	December 2011
2	November 2011
2	October 2011
1	September 2011
7	August 2011
1	July 2011
3	June 2011
1	May 2011
16	April 2011
2	March 2011
3	February 2011
3	January 2011
2	December 2010
13	November 2010
9	October 2010
10	September 2010
3	August 2010
4	July 2010
1	June 2010
9	April 2010
1	March 2010
11	February 2010
7	January 2010
10	December 2009
2	November 2009
1	October 2009
1	August 2009
12	July 2009
11	June 2009
8	May 2009
7	April 2009
38	March 2009
10	February 2009
19	January 2009
3	December 2008
16	November 2008
11	October 2008
2	September 2008
17	August 2008
18	July 2008
14	June 2008
16	May 2008
6	April 2008
7	March 2008
7	February 2008
37	January 2008
27	December 2007
12	November 2007
12	October 2007
3	September 2007
11	August 2007
12	July 2007
50	June 2007
7	May 2007
2	April 2007
12	March 2007
73	February 2007
32	January 2007
55	December 2006
61	November 2006
28	October 2006
37	September 2006
71	August 2006
18	July 2006
8	June 2006
6	May 2006
22	April 2006
97	March 2006
59	February 2006
111	January 2006
45	December 2005
45	November 2005
41	October 2005
54	September 2005
113	August 2005
107	July 2005
46	June 2005
27	May 2005
87	April 2005
163	March 2005
21	February 2005
30	January 2005
9	December 2004
73	November 2004
10	October 2004
4	September 2004
8	August 2004
62	June 2004
85	May 2004
35	April 2004
28	March 2004
15	February 2004
12	December 2003
21	November 2003
23	October 2003
246	September 2003
27	August 2003
16	July 2003
58	June 2003
22	May 2003
20	April 2003
36	March 2003
3	February 2003
31	January 2003
27	December 2002
56	November 2002
179	October 2002
67	September 2002
87	August 2002
92	July 2002
143	June 2002
87	May 2002
75	April 2002
1	March 2002