« Posts under Patch

NetBSD Security Advisory 2010-011: OpenSSL Double Free Arbitrary Code Execution

A new security advisory for NetBSD has just been published. The contents of the advisory are written below:

Version: NetBSD-current: source prior to August 11, 2010; NetBSD 5.0.*: affected; NetBSD 5.0: affected; NetBSD 4.0.*: affected; NetBSD 4.0: affected; pkgsrc: openssl package prior to 0.9.8onb1

Severity: Denial of Service and potential arbitrary code execution

Fixed: NetBSD-current: [...]

NetBSD Security Advisory 2010-008: sftp(1)/ftp(1)/glob(3) related resource exhaustion

A new security advisory for NetBSD has just been published. The contents of the advisory are written below:

Abstract: In 2001 GLOB_LIMIT was added to glob(3) to limit the potential amount of memory used by globbed patterns. Unfortunately this implementation had many limitations and did not do enough to limit memory or CPU attacks. This [...]

CodeHighlighter for WordPress MU (2)

With yesterday’s post, I noticed that the codehighlighter plugin I am using was doubly converting certain special characters, rendering the source code quite useless. This is an incompatibility of the plugin with WordPress MU. The plugin uses GeSHi, the “Generic Syntax Highlighter”, and that in turn converts incoming text into HTML entities for security reasons. For just the [...]

pkgsrc/libgcrypt problems

While upgrading another package from pkgsrc which depended on libgcrypt, I stumbled across the small problem that, without any further notice than stating “Error code 1”, gcc failed while compiling rijndael.c. A few moments later, a search of my mail folder containing the mails of the pkgsrc-bugs mailing list revealed this problem to be already known as [...]

GCC 4.3.0 exposes a kernel bug

Earlier this month, lwn.net reported on a change to GCC that exposes a bug in Linux and BSD kernels. GCC no longer clears the direction flag but assumes this has been done by the kernel, as specified by the x86/x86-64 ABI. This is a major security risk, but as it seems after flying through the [...]