diff options
author | kensmith <kensmith@FreeBSD.org> | 2004-03-30 17:43:26 +0000 |
---|---|---|
committer | kensmith <kensmith@FreeBSD.org> | 2004-03-30 17:43:26 +0000 |
commit | d2eab2070ebb47d90466b7f2c12a927632729547 (patch) | |
tree | 15bf25318bd3c975781f6c0dca527c88ae52efa2 /release | |
parent | 7ec3e333012ba329299be5ca10738792b75cac89 (diff) | |
download | FreeBSD-src-d2eab2070ebb47d90466b7f2c12a927632729547.zip FreeBSD-src-d2eab2070ebb47d90466b7f2c12a927632729547.tar.gz |
Add two most recent Security Advisories to errata.
Diffstat (limited to 'release')
-rw-r--r-- | release/doc/en_US.ISO8859-1/errata/article.sgml | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/release/doc/en_US.ISO8859-1/errata/article.sgml b/release/doc/en_US.ISO8859-1/errata/article.sgml index 3b0b80a..56060f5 100644 --- a/release/doc/en_US.ISO8859-1/errata/article.sgml +++ b/release/doc/en_US.ISO8859-1/errata/article.sgml @@ -184,6 +184,25 @@ contains more details, as well as information on patching existing systems.</para> + <para>(17 Mar 2004) By performing a specially crafted SSL/TLS + handshake with an application that uses OpenSSL a null pointer + may be dereferenced. This may in turn cause the application to + crash, resulting in a denial of service attack. For more information + see the Security Advisory <ulink + url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink> + which contains more details and instructions on how to patch existing + systems.</para> + + <para>(29 Mar 2004) A local attacker may take advantage of a + programming error in the handling of certain IPv6 socket options + in the &man.setsockopt.2; system call to read portions of kernel + memory without proper authorization. This may result in disclosure + of sensitive data, or potentially cause a panic. See Security + Advisory <ulink + url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink> + for a more detailed description and instructions on how to patch + existing systems.</para> + ]]> </sect1> |