From owner-freebsd-advocacy@FreeBSD.ORG Wed Jun 29 03:26:33 2005 Return-Path: X-Original-To: advocacy@freebsd.org Delivered-To: freebsd-advocacy@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E494916A41C; Wed, 29 Jun 2005 03:26:33 +0000 (GMT) (envelope-from kadmin@elisha.daleco.biz) Received: from elisha.daleco.biz (fbc-carthage.org [66.76.92.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id E625743D48; Wed, 29 Jun 2005 03:26:31 +0000 (GMT) (envelope-from kadmin@elisha.daleco.biz) Received: from elisha.daleco.biz (localhost [127.0.0.1]) by elisha.daleco.biz (8.12.11/8.12.11) with ESMTP id j5T3QUm5071785; Tue, 28 Jun 2005 22:26:30 -0500 (CDT) (envelope-from kadmin@elisha.daleco.biz) Received: (from kadmin@localhost) by elisha.daleco.biz (8.12.11/8.12.11/Submit) id j5T3QUFT071784; Tue, 28 Jun 2005 22:26:30 -0500 (CDT) (envelope-from kadmin) Date: Tue, 28 Jun 2005 22:26:30 -0500 (CDT) Message-Id: <200506290326.j5T3QUFT071784@elisha.daleco.biz> To: FreeBSD-gnats-submit@freebsd.org From: Kevin Kinsey X-send-pr-version: 3.113 X-GNATS-Notify: Cc: advocacy@freebsd.org Subject: (PATCH) www/marketing/os-comparison.sgml, updates CERT advisories X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Kevin Kinsey List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2005 03:26:34 -0000 >Submitter-Id: current-users >Originator: Kevin Kinsey >Organization: DaleCo, S.P. >Confidential: no >Synopsis: (PATCH) www/marketing/os-comparison.sgml, updates CERT advisories >Severity: non-critical >Priority: medium >Category: www >Class: update >Release: FreeBSD 5.3-STABLE i386 >Environment: System: FreeBSD elisha.daleco.biz 4.11-RELEASE-p2 FreeBSD 4.11-RELEASE-p2 #4: Wed Apr 6 15:26:00 CDT 2005 root@elisha.daleco.biz:/usr/obj/usr/src/sys/GENERIC i386 >Description: This patch updates the "OS Comparison" article with the dates, case numbers, and names of (US) CERT advisories from January 2004 to June 2005. >How-To-Repeat: >Fix: This article is currently being discussed on advocacy@; I decided to "put up" instead of being asked to "shut up" (Hi, Julian! Keep up the good work! ;-) My www tree is a few weeks old, but the website appears to still have the same information as my "os-comparison.sgml". I updated the referenced URI due to the fact that "cert.org" is no longer being actively updated with advisories; these seem to have moved to: http://www.us-cert.gov/cas/techalerts/ --- I can't speculate on what "International" users might wish to have listed there; this seems (to me) appropriate for most of North America. Note that I haven't made any commentary about the list, *nor have I enumerated the number of advisories that affect any particular OS*. Particularly in regard to Microsoft's offerings, the list might very well speak for itself. Feel free to modify it as you wish, though. Instead of two "headers", there's only one; this is because of the nature of the content only, and not for any other reason. We appreciate Murray writing this in the first place, and "hope this helps". --- os-comparison.sgml Mon May 9 11:06:12 2005 +++ os-comparison2.sgml Tue Jun 28 21:39:06 2005 @@ -470,37 +470,49 @@ information and training to help improve security at Internet sites.

-

CERT Advisories in 2000 that affected Linux:

+

CERT Advisories for 2004-early 2005, all operating systems:

    -
  • CA-2000-22 - Input Validation Problems in LPRng
    • -
  • CA-2000-21 - Denial-of-Service Vulnerability in TCP/IP - Stacks
    • -
  • CA-2000-20 - Multiple Denial-of-Service Problems in ISC BIND
    • -
  • CA-2000-17 - Input Validation Problem in rpc.statd
    • -
  • CA-2000-13 - Two Input Validation Problems in FTPD
    • -
  • CA-2000-06 - Multiple Buffer Overflows in Kerberos Authenticated - Services
    • -
  • CA-2000-03 - Continuing Compromises of DNS servers
    • -
- -

CERT Advisories in 2000 that affected Windows:

-
    -
  • CA-2000-16 - Microsoft 'IE Script'/Access/OBJECT Tag - Vulnerability
    • -
  • CA-2000-14 - Microsoft Outlook and Outlook Express Cache Bypass - Vulnerability
    • -
  • CA-2000-12 - HHCtrl ActiveX Control Allows Local Files to be - Executed
    • -
  • CA-2000-10 - Inconsistent Warning Messages in Internet - Explorer
    • -
  • CA-2000-07 - Microsoft Office 2000 UA ActiveX Control - Incorrectly Marked "Safe for Scripting"
    • -
  • CA-2000-04 - Love Letter Worm
    • +
  • 2005-06-14 TA05-165A Microsoft Windows and Internet Explorer Vulnerabilities
    • +
  • 2005-05-16 TA05-136A Apple Mac OS X is affected by multiple vulnerabilities
    • +
  • 2005-04-27 TA05-117A Oracle Products Contain Multiple Vulnerabilities
    • +
  • 2005-04-12 TA05-102A Multiple Vulnerabilities in Microsoft Windows Components
    • +
  • 2005-02-08 TA05-039A Multiple Vulnerabilities in Microsoft Windows Components
    • +
  • 2005-01-26 TA05-026A Multiple Denial of Service Vulnerablities in Cisco IOS
    • +
  • 2005-01-12 TA05-012B Microsoft Windows HTML Help ActiveX Control Cross-Domain Vulnerability
    • +
  • 2005-01-12 TA05-012A Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing
    • +
  • 2004-12-21 TA04-356A Exploitation of phpBB highlight parameter vulnerability
    • +
  • 2004-12-01 TA04-336A Update Available for Microsoft Internet Explorer HTML Elements Vulnerability
    • +
  • 2004-11-11 TA04-316A Cisco IOS Input Queue Vulnerability
    • +
  • 2004-11-10 TA04-315A Buffer Overflow in Microsoft Internet Explorer
    • +
  • 2004-10-19 TA04-293A Multiple Vulnerabilities in Microsoft Internet Explorer
    • +
  • 2004-09-17 TA04-261A Multiple Vulnerabilities in Mozilla Products
    • +
  • 2004-09-16 TA04-260A Microsoft Windows JPEG component buffer overflow
    • +
  • 2004-09-03 TA04-247A Vulnerabilities in MIT Kerberos 5
    • +
  • 2004-09-01 TA04-245A Multiple Vulnerabilities in Oracle Products
    • +
  • 2004-08-04 TA04-217A Multiple Vulnerabilities in libpng
    • +
  • 2004-07-30 TA04-212A Critical Vulnerabilities in Microsoft Windows
    • +
  • 2004-07-14 TA04-196A Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express
    • +
  • 2004-07-02 TA04-184A Internet Explorer Update to Disable ADODB.Stream ActiveX Control
    • +
  • 2004-06-22 TA04-174A Multiple Vulnerabilities in ISC DHCP 3
    • +
  • 2004-06-11 TA04-163A Cross-Domain Redirect Vulnerability in Internet Explorer
    • +
  • 2004-06-08 TA04-160A SQL Injection Vulnerabilities in Oracle E-Business Suite
    • +
  • 2004-05-26 TA04-147A CVS Heap Overflow Vulnerability
    • +
  • 2004-04-20 TA04-111B Cisco IOS SNMP Message Handling Vulnerability
    • +
  • 2004-04-20 TA04-111A Vulnerabilities in TCP
    • +
  • 2004-04-13 TA04-104A Multiple Vulnerabilities in Microsoft Products
    • +
  • 2004-04-08 TA04-099A Cross-Domain Vulnerability in Outlook Express MHTML Protocol Handler
    • +
  • 2004-03-18 TA04-078A Multiple Vulnerabilities in OpenSSL
    • +
  • 2004-03-10 TA04-070A Microsoft Outlook mailto URL Handling Vulnerability
    • +
  • 2004-02-10 TA04-041A Multiple Vulnerabilities in Microsoft ASN.1 Library
    • +
  • 2004-02-05 TA04-036A HTTP Parsing Vulnerabilities in Check Point Firewall-1
    • +
  • 2004-02-02 TA04-033A Multiple Vulnerabilities in Microsoft Internet Explorer
    • +
  • 2004-01-28 TA04-028A W32/MyDoom.B Virus
    • +

For more information about CERT and potential security exploits for your operating system, please see http://www.cert.org.

+href="http://www.us-cert.gov/cas/techalerts/">http://www.us-cert.gov/cas/techalerts/.

For more information about some of the enhanced security features of FreeBSD, please see