Diff for /wikisrc/users/spz/secref2.mdwn between versions 1.1 and 1.2

version 1.1, 2012/01/16 07:59:56 version 1.2, 2012/01/21 03:00:14
Line 1 Line 1
 [[!meta title Security Vulnerability Reference List]]  [[!meta title="Security Vulnerability Reference List"]]
 # Security Vulnerability Reference List  # Security Vulnerability Reference List
   
 Affected files, fix dates for specific releases and fixed versions can be found through the 'Fixed in Releases' link.  Affected files, fix dates for specific releases and fixed versions
   can be found through the 'Fixed in Releases' link.
   
 <table>  [[!table data="""
 <tr><th>Identifier</th><th>Topic</th><th>Impact</th><th>Fixed in HEAD</th><th>Fixed in Releases</th><th>Advisory</th></tr>  Identifier|Topic|Impact|Fixed in HEAD|Fixed in Releases|Advisory
 <tr><td>[[CVE-2010-3613|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613]]</td><td>BIND DoS due to improper handling of RRSIG records</td><td>remote DoS</td><td>20101202</td><td>[[20110123|secref2/20110123]]</td><td>[[2011-001|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc]]</td></tr>  [[CVE-2010-3613|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613]]|BIND DoS due to improper handling of RRSIG records|remote DoS|20101202|[[20110123|secref2/20110123]]|[[2011-001|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc]]
 <tr><td>[[CVE-2011-0014|http://cve.mitre.org/cgi-bin/cvename.cgi?name=VE-2011-0014]]</td><td>OpenSSL TLS extension parsing race condition</td><td>DoS, info leak</td><td>20110211</td><td>[[20110217|secref2/20110217]]</td><td>[[2011-002|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc]]</td></tr>  [[CVE-2011-0014|http://cve.mitre.org/cgi-bin/cvename.cgi?name=VE-2011-0014]]|OpenSSL TLS extension parsing race condition|DoS, info leak|20110211|[[20110217|secref2/20110217]]|[[2011-002|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc]]
 <tr><td>-</td><td>Exhausting kernel memory from user controlled value</td><td>local DoS</td><td>20110304</td><td>[[20110307|secref2/20110307]]</td><td>[[2011-003|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-003.txt.asc]]</td></tr>  -|Exhausting kernel memory from user controlled value|local DoS|20110304|[[20110307|secref2/20110307]]|[[2011-003|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-003.txt.asc]]
 <tr><td>[[CVE-2011-1547|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1547]]</td><td>Kernel stack overflow via nested IPCOMP packet</td><td>remote DoS</td><td>20110401</td><td>[[20110403|secref2/20110403]]</td><td>[[2011-004|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-004.txt.asc]]</td></tr>  [[CVE-2011-1547|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1547]]|Kernel stack overflow via nested IPCOMP packet|remote DoS|20110401|[[20110403|secref2/20110403]]|[[2011-004|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-004.txt.asc]]
 <tr><td>[[CVE-2011-0997|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997]]</td><td>ISC dhclient environment sanitizing</td><td>remote script execution</td><td>20110406</td><td>[[20110407|secref2/20110407]]</td><td>[[2011-005|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-005.txt.asc]]</td></tr>  [[CVE-2011-0997|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997]]|ISC dhclient environment sanitizing|remote script execution|20110406|[[20110407|secref2/20110407]]|[[2011-005|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-005.txt.asc]]
 <tr><td>[[CVE-2011-2464|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464]]</td><td>BIND DoS via packet with rrtype zero</td><td>remote DoS</td><td>20110706</td><td>[[20110716|secref2/20110716]]</td><td>[[2011-006|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-006.txt.asc]]</td></tr>  [[CVE-2011-2464|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464]]|BIND DoS via packet with rrtype zero|remote DoS|20110706|[[20110716|secref2/20110716]]|[[2011-006|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-006.txt.asc]]
 <tr><td>[[CVE-2011-2895|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895]]</td><td>LZW decoding loop on manipulated compressed files</td><td>DoS, info leak</td><td>20110816</td><td>[[20110819|secref2/20110819]]</td><td>[[2011-007|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc]]</td></tr>  [[CVE-2011-2895|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895]]|LZW decoding loop on manipulated compressed files|DoS, info leak|20110816|[[20110819|secref2/20110819]]|[[2011-007|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc]]
 <tr><td>[[CVE-2011-4122|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4122]]</td><td>OpenPAM privilege escalation</td><td>privilege escalation</td><td>20111109</td><td>[[20111119|secref2/20111119]]</td><td>[[2011-008|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-008.txt.asc]]</td></tr>  [[CVE-2011-4122|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4122]]|OpenPAM privilege escalation|privilege escalation|20111109|[[20111119|secref2/20111119]]|[[2011-008|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-008.txt.asc]]
 <tr><td>[[CVE-2011-4313|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313]]</td><td>BIND resolver DoS</td><td>remote DoS</td><td>20111116</td><td>[[20111120|secref2/20111120]]</td><td>[[2011-009|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-009.txt.asc]]</td></tr>  [[CVE-2011-4313|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313]]|BIND resolver DoS|remote DoS|20111116|[[20111120|secref2/20111120]]|[[2011-009|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-009.txt.asc]]
 <tr><td>[[CVE-2011-4862|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862]]</td><td>telnetd unchecked encryption key length</td><td>remote code execution</td><td>20111223</td><td>[[20111231|secref2/20111231]]</td><td></td></tr>  [[CVE-2011-4862|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862]]|telnetd unchecked encryption key length|remote code execution|20111223|[[20111231|secref2/20111231]]|
 <tr><td>[[CVE-2010-1166|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1166]]</td><td>incorrect macro definition in Xrender</td><td>auth user DoS + remote code execution</td><td>20111230</td><td>[[20120101|secref2/20120101]]</td><td></td></tr>  [[CVE-2010-1166|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1166]]|incorrect macro definition in Xrender|auth user DoS + remote code execution|20111230|[[20120101|secref2/20120101]]|
 <tr><td></td><td></td><td></td><td></td><td></td></tr>  """]]
 </table>  
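Review bot: The CVE-2011-0014 row still links to `cvename.cgi?name=VE-2011-0014`, with the leading "C" missing from the identifier, and the typo is carried unchanged from 1.1 into the new table row. Correct it to `name=CVE-2011-0014` while the row is being rewritten so the link points at the intended CVE entry. Separately, the new `[[!table]]` rows use `|` both as the column separator and inside each `[[label|url]]` link, so check the rendered page to confirm every row still comes out as six columns, including the CVE-2011-4862 and CVE-2010-1166 rows, which end in an empty Advisory cell.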



CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb