NetBSD Security Advisory 2006-002: settimeofday() time wrap

2006-01-09 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 NetBSD Security Advisory 2006-002 = Topic: settimeofday() time wrap Version:NetBSD-current: source prior to December 5, 2005 NetBSD 3.0: not affe

NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure

2006-01-09 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 NetBSD Security Advisory 2006-001 = Topic: Kernfs kernel memory disclosure Version:NetBSD-current: source prior to November 23, 2005 NetBSD 3.0:

NetBSD Security Advisory 2003-011: off-by-one error in realpath(3)

2003-08-04 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-011 = Topic: off-by-one error in realpath(3) Version:NetBSD-current: source prior to August 4, 2003 NetBSD 1.6.1: affected

NetBSD Security Advisory 2003-010: remote panic in OSI networking code

2003-08-04 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-010 = Topic: remote panic in OSI networking code Version:NetBSD-current: source prior to May 26, 2003 NetBSD 1.6.1: affected

NetBSD Security Advisory 2003-009: sendmail buffer overrun in prescan() address parser

2003-04-04 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-009 = Topic: sendmail buffer overrun in prescan() address parser Version:NetBSD-current: source prior to Mar 30, 2003 NetBSD 1.6:

NetBSD Security Advisory 2003-006: Cryptographic weaknesses in Kerberos v4 protocol

2003-04-04 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-006 = Topic: Cryptographic weaknesses in Kerberos v4 protocol Version:NetBSD-current: source prior to March 20, 2003 NetBSD 1.6:

NetBSD Security Advisory 2003-008: faulty length checks in xdrmem_getbytes

2003-03-26 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-008 = Topic: faulty length checks in xdrmem_getbytes Version:NetBSD-current: source prior to March 21, 2003 NetBSD-1.6.1:not

NetBSD Security Advisory 2003-005: RSA timing attack in OpenSSL code

2003-03-26 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-005 = Topic: RSA timing attack in OpenSSL code Version:NetBSD-current: source prior to March 19, 2003 NetBSD-1.6: affected (

NetBSD Security Advisory 2003-007: (Another) Encryption weakness in OpenSSL code

2003-03-26 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-007 = Topic: (Another) Encryption weakness in OpenSSL code Version:NetBSD-current: source prior to March 21, 2003 NetBSD-1.6.1:

NetBSD Security Advisory 2003-004: Format string vulnerability in zlib gzprintf()

2003-03-26 Thread NetBSD Security Officer
instances of binaries in the base NetBSD system which use gzprintf, convincing someone to run a vulnerable application under their uid could be abused to gain their privileges. NetBSD Security-Officer is performing an audit of pkgsrc code to create a list of vulnerable pkgs, which will be marked

NetBSD Security Advisory 2003-003 Buffer Overflow in file(1)

2003-03-12 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-003 = Topic: Buffer Overflow in file(1) Version:NetBSD-current: source prior to February 27, 2003 NetBSD 1.6: affected

NetBSD Security Advisory 2003-001: Encryption weakness in OpenSSL code

2003-03-04 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-001 = Topic: Encryption weakness in OpenSSL code Version:NetBSD-current: source prior to February 21, 2003 NetBSD-1.6.1:not af

NetBSD Security Advisory 2003-002: Malformed header Sendmail Vulnerability

2003-03-04 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2003-002 = Topic: Malformed header Sendmail Vulnerability Version:NetBSD-current: source prior to March 4, 2003 NetBSD 1.6: affected

NetBSD Security Advisory 2002-024: IPFilter FTP proxy

2002-11-09 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-024 = Topic: IPFilter FTP proxy Version:NetBSD-current: source prior to September 20, 2002 NetBSD 1.6: affected

NetBSD Security Advisory 2002-025: trek(6) buffer overrun

2002-10-24 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-025 = Topic: trek(6) buffer overrun Version:NetBSD-current: source prior to October 19, 2002 NetBSD 1.6: affected (no real harm

NetBSD Security Advisory 2002-026: Buffer overflow in kadmind daemon

2002-10-22 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-026 = Topic: Buffer overflow in kadmind daemon Version:NetBSD-current: source prior to October 21 2002 NetBSD-1.6: affected

NetBSD Security Advisory 2002-019: Buffer overrun in talkd

2002-10-08 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-019 = Topic: Buffer overrun in talkd Version:NetBSD-current: source prior to September 20, 2002 NetBSD 1.6: affected

NetBSD Security Advisory 2002-021: rogue vulnerability

2002-10-08 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-021 = Topic: rogue vulnerability Version:NetBSD-current: source prior to October 2, 2002 NetBSD 1.6: affected

NetBSD Security Advisory 2002-022: buffer overrun in pic(1)

2002-10-08 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-022 = Topic: buffer overrun in pic(1) Version:NetBSD-current: source prior to September 28, 2002 NetBSD 1.6: affected

NetBSD Security Advisory 2002-015: (another) buffer overrun in libc/libresolv DNS resolver

2002-10-08 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-015 = Topic: (another) buffer overrun in libc/libresolv DNS resolver Version:NetBSD-current: source prior to August 28, 2002 NetBS

NetBSD Security Advisory 2002-023: sendmail smrsh bypass vulnerability

2002-10-08 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-023 = Topic: sendmail smrsh bypass vulnerability Version:NetBSD-current: source prior to October 4, 2002 NetBSD 1.6: affected

NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code (updated 2002/9/22)

2002-09-23 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-009 = (updated 2002/9/22) Topic: Multiple vulnerabilities in OpenSSL code Version:NetBSD-current: source prior to August 10, 200

NetBSD Security Advisory 2002-018: Multiple security issues with kfd daemon

2002-09-17 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-018 = Topic: Multiple security issues with kfd daemon Version:NetBSD-current: source prior to September 10, 2002 NetBSD 1.6: af

NetBSD Security Advisory 2002-013: Bug in NFS server code allows remote denial of service

2002-09-17 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-013 = Topic: Bug in NFS server code allows remote denial of service Version:NetBSD-current: source prior to Aug 3, 2002 NetBSD 1.

NetBSD Security Advisory 2002-009:

2002-09-17 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-009 = (updated 2002/9/16) Topic: Multiple vulnerabilities in OpenSSL code Version:NetBSD-current: source prior to August 10, 20

NetBSD Security Advisory 2002-006: buffer overrun in libc/libresolv DNS resolver

2002-09-17 Thread NetBSD Security Officer
initiating the outgoing query. This issue was brought to the attention of the NetBSD security-officer with short notice, and this advisory has since been updated with additional information. See also: http://www.pine.nl/advisories/pine-cert-20020601.html http://www.kb.cert.org/vuls/id/803539 http

NetBSD Security Advisory 2002-007: Repeated TIOCSCTTY ioctl can corrupt session hold counts

2002-09-17 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-007 = Topic: Repeated TIOCSCTTY ioctl can corrupt session hold counts Version:NetBSD-current: source prior to July 21, 2002 NetB

NetBSD Security Advisory 2002-010: symlink race in pppd

2002-09-17 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-010 = Topic: symlink race in pppd Version:NetBSD-current: source prior to July 31, 2002 NetBSD-1.6 beta: affected

Multiple NetBSD Security Advisories Released/Updated

2002-09-17 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- With the release of NetBSD 1.6, the NetBSD project is publishing a batch of Security Advisories (some of which are updates), as follows: * 2002-006 buffer overrun in libc/libresolv DNS resolver x 2002-007 Repeated TIOCSCTTY ioctl can corrupt session

NetBSD Security Advisory 2002-014: fd_set overrun in mbone tools and pppd

2002-09-17 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-014 = Topic: fd_set overrun in mbone tools and pppd Version:NetBSD-current: source prior to August 10, 2002 NetBSD 1.6 beta: sour

NetBSD Security Advisory 2002-017: shutdown(s, SHUT_RD) on TCP socket does not work as intended

2002-09-17 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-017 = Topic: shutdown(s, SHUT_RD) on TCP socket does not work as intended Version:NetBSD-current: source prior to September 7, 2002

NetBSD Security Advisory 2002-011: Sun RPC XDR decoder contains buffer overflow

2002-09-17 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-011 = Topic: Sun RPC XDR decoder contains buffer overflow Version:NetBSD-current: source prior to August 1, 2002 NetBSD-1.6 beta

NetBSD Security Advisory 2002-012: buffer overrun in setlocale

2002-09-17 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-012 = Topic: buffer overrun in setlocale Severity: local root exploit if X11 (xterm) is installed. Version:NetBSD-current: source prior to

NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code

2002-08-02 Thread NetBSD Security Officer
Bugtraq has a large number of subscribers whose out-of-office replies are sent even in response to mailing-list messages. Since this is a major nuisance, the Reply-To address on this email is fake. Please address replies to: NetBSD Security Officer <[EMAIL PROTECTED]> -BEGIN PGP

NetBSD Security Advisory 2002-010: symlink race in pppd

2002-08-02 Thread NetBSD Security Officer
Bugtraq has a large number of subscribers whose out-of-office replies are sent even in response to mailing-list messages. Since this is a major nuisance, the Reply-To address on this email is fake. Please address replies to: NetBSD Security Officer <[EMAIL PROTECTED]> -BEGIN PGP

NetBSD Security Advisory 2002-011: Sun RPC XDR decoder contains buffer overflow

2002-08-02 Thread NetBSD Security Officer
Bugtraq has a large number of subscribers whose out-of-office replies are sent even in response to mailing-list messages. Since this is a major nuisance, the Reply-To address on this email is fake. Please address replies to: NetBSD Security Officer <[EMAIL PROTECTED]> -BEGIN PGP

NetBSD Security Advisory 2002-005: OpenSSH protocol version 2 challenge-response authentication

2002-06-27 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2002-005 = Topic: OpenSSH protocol version 2 challenge-response authentication vulnerability Version:NetBSD-current: prior to May 14,

NetBSD Security Advisory 2002-006: buffer overrun in libc DNS resolver

2002-06-27 Thread NetBSD Security Officer
/responses at a gateway or firewall system. This will allow central control over your network environment, and protection while updates are being made to individual clients. This issue was brought to the attention of the NetBSD security-officer very recently. Unfortunately, coordination to deliver a

NetBSD Security Advisory 2001-010: sshd(8) "cookies" file mishandling on X11 forwarding

2001-07-24 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2001-010 = Topic: sshd(8) "cookies" file mishandling on X11 forwarding Version:NetBSD-current: /usr/sbin/sshd from source before June 14, 2001

NetBSD Security Advisory 2000-011: Insufficient msg_controllen checking for sendmsg(2)

2001-07-24 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2000-011 = Topic: Insufficient msg_controllen checking for sendmsg(2) Version:All releases of NetBSD from 1.3 to 1.5, and -current Severity: Any

NetBSD Security Advisory 2001-009: Race condition between sugid-exec and ptrace(2)

2001-07-24 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2001-009 = Topic: Race condition between sugid-exec and ptrace(2) Version:All official releases up to and including 1.5 Severity: Local user may

NetBSD Security Advisory 2001-005; ftpd remote buffer overflow

2001-04-10 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2001-005 = Topic: Ftpd denial of service and remote buffer overflow Version:NetBSD 1.4, 1.5, -current Severity: Remote root compromise Fixed:

NetBSD Security Advisory 2001-001

2001-02-12 Thread NetBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2001-001 = Topic: Multiple BIND vulnerabilities Version:All release versions of NetBSD, and NetBSD-current Severity: Remote root execution of comma