Todd C. Miller | 4 Oct 00:45 2003

DoS bugs in OpenSSL

The use of certain ASN.1 encodings or malformed public keys may
allow an attacker to mount a denial of service attack against
applications linked with ssl(3).  This does not affect OpenSSH.

For full details, please see the OpenSSL advisory:
    http://www.openssl.org/news/secadv_20030930.txt

A fix has been committed to the OpenBSD 3.2 and 3.3 -stable
branches.  Patches are also available for OpenBSD 3.2 and 3.3.

Patch for OpenBSD 3.2:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/020_asn1.patch

Patch for OpenBSD 3.3:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch

Todd C. Miller | 7 Oct 00:45 2003

ARP-based denial of service attack

Under certain circumstances, an attacker may be able to mount a
denial of service attack against a machine by flooding it with bogus
ARP requests.  This can lead to resource starvation, ultimately
resulting in a kernel panic.

The problem was reported by Apple Computer; for more info, see:
    http://www.securityfocus.com/bid/8689/discussion

A fix has been committed to the OpenBSD 3.2 and 3.3 -stable
branches.  Patches are also available for OpenBSD 3.2 and 3.3.

Patch for OpenBSD 3.2:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/021_arp.patch

Patch for OpenBSD 3.3:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch

