New errata: SA-03:02, SA-03:03.

2003-02-24 17:50:27 +00:00 · 2003-02-24 17:50:27 +00:00 · 4ec447eac8
commit 4ec447eac8
parent 92c44b2895
1 changed files with 18 additions and 0 deletions
--- a/release/doc/en_US.ISO8859-1/errata/article.sgml
+++ b/release/doc/en_US.ISO8859-1/errata/article.sgml
@ -115,6 +115,24 @@
      found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>.</para>

+    <para>A timing-based attack on <application>OpenSSL</application>,
+      could allow a very powerful attacker access to plaintext
+      under certain circumstances.  This problem has been corrected in
+      &os; &release.current; with an upgrade
+      to <application>OpenSSL</application> 0.9.7.  On supported
+      security fix branches, this problem has been corrected with the
+      import of <application>OpenSSL</application> 0.9.6i.  See security
+      advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink>
+      for more details.</para>
+
+    <para>It may be possible to recover the shared secret key used by
+      the implementation of the <quote>syncookies</quote> feature.
+      This reduces its effectiveness in dealing with TCP SYN flood
+      denial-of-service attacks.  Workaround information and fixes are
+      given in security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>.</para>
+
  </sect1>

  <sect1 id="late-news">