
Four New Security Advisories Released for NetBSD 18
Dan writes "The NetBSD security team has issued Four NetBSD Security Advisories. (1) Format string vulnerability in zlib gzprintf(): a buffer overflow can result in arbitrary code execution. (2) RSA timing attack in OpenSSL code can enable remote recovery of private keys, from a host with low-latency access to the server - such as the local host, or a host on the LAN. (3) Encryption weakness in OpenSSL code enables an attacker to perform crypto operations using server's private keys. Finally (4), faulty length checks in xdrmem_getbytes (within libc) are susceptible to integer overflows that affect memory allocation in their local buffers."