Slashdot Mirror

← Back to Stories (view on slashdot.org)

Four New Security Advisories Released for NetBSD

Posted by michael on from the patches-for-everyone dept.

Dan writes "The NetBSD security team has issued Four NetBSD Security Advisories. (1) Format string vulnerability in zlib gzprintf(): a buffer overflow can result in arbitrary code execution. (2) RSA timing attack in OpenSSL code can enable remote recovery of private keys, from a host with low-latency access to the server - such as the local host, or a host on the LAN. (3) Encryption weakness in OpenSSL code enables an attacker to perform crypto operations using server's private keys. Finally (4), faulty length checks in xdrmem_getbytes (within libc) are susceptible to integer overflows that affect memory allocation in their local buffers."

2 of 18 comments (clear)

  1. FreeBSD security is not needed... by Anonymous Coward · · Score: -1, Offtopic

    That's because you aremore likely to be run over that to encounter a *BSD box.

    That's the thing about dying, people aren't likely to run into you.

    To the *BSD living trolls: "It's life Jim but not as we know it!"

  2. Elegy for *BSD by Anonymous Coward · · Score: -1, Offtopic

    Elegy For *BSD

    I am a *BSD user
    and I try hard to be brave
    That is a tall order
    *BSD's foot is in the grave.

    I tap at my toy keyboard
    and whistle a happy tune
    but keeping happy's so hard,
    *BSD died so soon.

    Each day I wake and softly sob
    Nightfall finds me crying
    Not only am I a zit faced slob
    but *BSD is dying.