Thursday, October 11, 2007

Errata 011

The OpenBSD team has released patch 011 for OpenBSD 4.1 (patch 002 for OpenBSD 4.2 and patch 017 for OpenBSD 4.0).

This is a security fix and applies to all architectures.

Quote from the commit messages (1.16 & 1.17):
Replace use of strcpy(3) and other pointer goo in
SSL_get_shared_ciphers() with strlcat(3).

Fix off-by-one buffer overflow in SSL_get_shared_ciphers().
From OpenSSL_0_9_8-stable branch.

Binpatches exist for OpenBSD 4.1 and OpenBSD 4.0. Note, I do not have a 4.2 box set up, so no binpatches for 4.2 yet.