File:  [NetBSD Developer Wiki] / wikisrc / users / spz / secref2.mdwn
Revision 1.2
Sat Jan 21 03:00:14 2012 UTC by schmonz
Branches: MAIN
CVS tags: HEAD
Better living through less markup, fix meta title directives and a
broken link, wrap long lines that aren't table rows. Might benefit
from a template.

[[!meta title="Security Vulnerability Reference List"]]
# Security Vulnerability Reference List

Affected files, fix dates for specific releases and fixed versions
can be found through the 'Fixed in Releases' link.

[[!table data="""
Identifier|Topic|Impact|Fixed in HEAD|Fixed in Releases|Advisory
[[CVE-2010-3613|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613]]|BIND DoS due to improper handling of RRSIG records|remote DoS|20101202|[[20110123|secref2/20110123]]|[[2011-001|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc]]
[[CVE-2011-0014|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014]]|OpenSSL TLS extension parsing race condition|DoS, info leak|20110211|[[20110217|secref2/20110217]]|[[2011-002|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc]]
-|Exhausting kernel memory from user controlled value|local DoS|20110304|[[20110307|secref2/20110307]]|[[2011-003|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-003.txt.asc]]
[[CVE-2011-1547|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1547]]|Kernel stack overflow via nested IPCOMP packet|remote DoS|20110401|[[20110403|secref2/20110403]]|[[2011-004|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-004.txt.asc]]
[[CVE-2011-0997|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997]]|ISC dhclient environment sanitizing|remote script execution|20110406|[[20110407|secref2/20110407]]|[[2011-005|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-005.txt.asc]]
[[CVE-2011-2464|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464]]|BIND DoS via packet with rrtype zero|remote DoS|20110706|[[20110716|secref2/20110716]]|[[2011-006|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-006.txt.asc]]
[[CVE-2011-2895|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895]]|LZW decoding loop on manipulated compressed files|DoS, info leak|20110816|[[20110819|secref2/20110819]]|[[2011-007|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc]]
[[CVE-2011-4122|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4122]]|OpenPAM privilege escalation|privilege escalation|20111109|[[20111119|secref2/20111119]]|[[2011-008|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-008.txt.asc]]
[[CVE-2011-4313|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313]]|BIND resolver DoS|remote DoS|20111116|[[20111120|secref2/20111120]]|[[2011-009|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-009.txt.asc]]
[[CVE-2011-4862|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862]]|telnetd unchecked encryption key length|remote code execution|20111223|[[20111231|secref2/20111231]]|
[[CVE-2010-1166|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1166]]|incorrect macro definition in Xrender|auth user DoS + remote code execution|20111230|[[20120101|secref2/20120101]]|
"""]]
