From owner-freebsd-advocacy@FreeBSD.ORG Wed Jun 29 03:26:33 2005
Return-Path:
X-Original-To: advocacy@freebsd.org
Delivered-To: freebsd-advocacy@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
by hub.freebsd.org (Postfix) with ESMTP id E494916A41C;
Wed, 29 Jun 2005 03:26:33 +0000 (GMT)
(envelope-from kadmin@elisha.daleco.biz)
Received: from elisha.daleco.biz (fbc-carthage.org [66.76.92.15])
by mx1.FreeBSD.org (Postfix) with ESMTP id E625743D48;
Wed, 29 Jun 2005 03:26:31 +0000 (GMT)
(envelope-from kadmin@elisha.daleco.biz)
Received: from elisha.daleco.biz (localhost [127.0.0.1])
by elisha.daleco.biz (8.12.11/8.12.11) with ESMTP id j5T3QUm5071785;
Tue, 28 Jun 2005 22:26:30 -0500 (CDT)
(envelope-from kadmin@elisha.daleco.biz)
Received: (from kadmin@localhost)
by elisha.daleco.biz (8.12.11/8.12.11/Submit) id j5T3QUFT071784;
Tue, 28 Jun 2005 22:26:30 -0500 (CDT) (envelope-from kadmin)
Date: Tue, 28 Jun 2005 22:26:30 -0500 (CDT)
Message-Id: <200506290326.j5T3QUFT071784@elisha.daleco.biz>
To: FreeBSD-gnats-submit@freebsd.org
From: Kevin Kinsey
X-send-pr-version: 3.113
X-GNATS-Notify:
Cc: advocacy@freebsd.org
Subject: (PATCH) www/marketing/os-comparison.sgml, updates CERT advisories
X-BeenThere: freebsd-advocacy@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Kevin Kinsey
List-Id: FreeBSD Evangelism
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 29 Jun 2005 03:26:34 -0000
>Submitter-Id: current-users
>Originator: Kevin Kinsey
>Organization: DaleCo, S.P.
>Confidential: no
>Synopsis: (PATCH) www/marketing/os-comparison.sgml, updates CERT advisories
>Severity: non-critical
>Priority: medium
>Category: www
>Class: update
>Release: FreeBSD 5.3-STABLE i386
>Environment:
System: FreeBSD elisha.daleco.biz 4.11-RELEASE-p2 FreeBSD 4.11-RELEASE-p2 #4: Wed Apr 6 15:26:00 CDT 2005 root@elisha.daleco.biz:/usr/obj/usr/src/sys/GENERIC i386
>Description: This patch updates the "OS Comparison" article with the dates,
case numbers, and names of (US) CERT advisories from January 2004
to June 2005.
>How-To-Repeat:
>Fix:
This article is currently being discussed on advocacy@; I decided
to "put up" instead of being asked to "shut up" (Hi, Julian! Keep
up the good work! ;-) My www tree is a few weeks old, but the website
appears to still have the same information as my "os-comparison.sgml".
I updated the referenced URI due to the fact that "cert.org" is no
longer being actively updated with advisories; these seem to have moved
to:
http://www.us-cert.gov/cas/techalerts/
--- I can't speculate on what "International" users might wish
to have listed there; this seems (to me) appropriate for most of North
America.
Note that I haven't made any commentary about the list, *nor have I
enumerated the number of advisories that affect any particular OS*.
Particularly in regard to Microsoft's offerings, the list might very
well speak for itself. Feel free to modify it as you wish, though.
Instead of two "headers", there's only one; this is because of the
nature of the content only, and not for any other reason. We appreciate
Murray writing this in the first place, and "hope this helps".
--- os-comparison.sgml Mon May 9 11:06:12 2005
+++ os-comparison2.sgml Tue Jun 28 21:39:06 2005
@@ -470,37 +470,49 @@
information and training to help improve security at Internet
sites.
-
CERT Advisories in 2000 that affected Linux:
+CERT Advisories for 2004-early 2005, all operating systems:
- - CA-2000-22 - Input Validation Problems in LPRng
- - CA-2000-21 - Denial-of-Service Vulnerability in TCP/IP
- Stacks
- - CA-2000-20 - Multiple Denial-of-Service Problems in ISC BIND
- - CA-2000-17 - Input Validation Problem in rpc.statd
- - CA-2000-13 - Two Input Validation Problems in FTPD
- - CA-2000-06 - Multiple Buffer Overflows in Kerberos Authenticated
- Services
- - CA-2000-03 - Continuing Compromises of DNS servers
-
-
-CERT Advisories in 2000 that affected Windows:
-
- - CA-2000-16 - Microsoft 'IE Script'/Access/OBJECT Tag
- Vulnerability
- - CA-2000-14 - Microsoft Outlook and Outlook Express Cache Bypass
- Vulnerability
- - CA-2000-12 - HHCtrl ActiveX Control Allows Local Files to be
- Executed
- - CA-2000-10 - Inconsistent Warning Messages in Internet
- Explorer
- - CA-2000-07 - Microsoft Office 2000 UA ActiveX Control
- Incorrectly Marked "Safe for Scripting"
- - CA-2000-04 - Love Letter Worm
+- 2005-06-14 TA05-165A Microsoft Windows and Internet Explorer Vulnerabilities
+- 2005-05-16 TA05-136A Apple Mac OS X is affected by multiple vulnerabilities
+- 2005-04-27 TA05-117A Oracle Products Contain Multiple Vulnerabilities
+- 2005-04-12 TA05-102A Multiple Vulnerabilities in Microsoft Windows Components
+- 2005-02-08 TA05-039A Multiple Vulnerabilities in Microsoft Windows Components
+- 2005-01-26 TA05-026A Multiple Denial of Service Vulnerablities in Cisco IOS
+- 2005-01-12 TA05-012B Microsoft Windows HTML Help ActiveX Control Cross-Domain Vulnerability
+- 2005-01-12 TA05-012A Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing
+- 2004-12-21 TA04-356A Exploitation of phpBB highlight parameter vulnerability
+- 2004-12-01 TA04-336A Update Available for Microsoft Internet Explorer HTML Elements Vulnerability
+- 2004-11-11 TA04-316A Cisco IOS Input Queue Vulnerability
+- 2004-11-10 TA04-315A Buffer Overflow in Microsoft Internet Explorer
+- 2004-10-19 TA04-293A Multiple Vulnerabilities in Microsoft Internet Explorer
+- 2004-09-17 TA04-261A Multiple Vulnerabilities in Mozilla Products
+- 2004-09-16 TA04-260A Microsoft Windows JPEG component buffer overflow
+- 2004-09-03 TA04-247A Vulnerabilities in MIT Kerberos 5
+- 2004-09-01 TA04-245A Multiple Vulnerabilities in Oracle Products
+- 2004-08-04 TA04-217A Multiple Vulnerabilities in libpng
+- 2004-07-30 TA04-212A Critical Vulnerabilities in Microsoft Windows
+- 2004-07-14 TA04-196A Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express
+- 2004-07-02 TA04-184A Internet Explorer Update to Disable ADODB.Stream ActiveX Control
+- 2004-06-22 TA04-174A Multiple Vulnerabilities in ISC DHCP 3
+- 2004-06-11 TA04-163A Cross-Domain Redirect Vulnerability in Internet Explorer
+- 2004-06-08 TA04-160A SQL Injection Vulnerabilities in Oracle E-Business Suite
+- 2004-05-26 TA04-147A CVS Heap Overflow Vulnerability
+- 2004-04-20 TA04-111B Cisco IOS SNMP Message Handling Vulnerability
+- 2004-04-20 TA04-111A Vulnerabilities in TCP
+- 2004-04-13 TA04-104A Multiple Vulnerabilities in Microsoft Products
+- 2004-04-08 TA04-099A Cross-Domain Vulnerability in Outlook Express MHTML Protocol Handler
+- 2004-03-18 TA04-078A Multiple Vulnerabilities in OpenSSL
+- 2004-03-10 TA04-070A Microsoft Outlook mailto URL Handling Vulnerability
+- 2004-02-10 TA04-041A Multiple Vulnerabilities in Microsoft ASN.1 Library
+- 2004-02-05 TA04-036A HTTP Parsing Vulnerabilities in Check Point Firewall-1
+- 2004-02-02 TA04-033A Multiple Vulnerabilities in Microsoft Internet Explorer
+- 2004-01-28 TA04-028A W32/MyDoom.B Virus
+
For more information about CERT and potential security exploits for
your operating system, please see http://www.cert.org.
+href="http://www.us-cert.gov/cas/techalerts/">http://www.us-cert.gov/cas/techalerts/.
For more information about some of the enhanced security features
of FreeBSD, please see