Date:      Tue, 28 Jun 2005 22:26:30 -0500 (CDT)
From:      Kevin Kinsey <kdk@daleco.biz>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        advocacy@freebsd.org
Subject:   (PATCH) www/marketing/os-comparison.sgml, updates CERT advisories
Message-ID:  <200506290326.j5T3QUFT071784@elisha.daleco.biz>

>Submitter-Id:  current-users
>Originator:    Kevin Kinsey
>Organization:  DaleCo, S.P.
>Confidential:  no
>Synopsis:      (PATCH) www/marketing/os-comparison.sgml, updates CERT advisories
>Severity:      non-critical
>Priority:      medium
>Category:      www
>Class:         update
>Release:       FreeBSD 5.3-STABLE i386
>Environment:
System: FreeBSD elisha.daleco.biz 4.11-RELEASE-p2 FreeBSD 4.11-RELEASE-p2 #4: Wed Apr 6 15:26:00 CDT 2005 root@elisha.daleco.biz:/usr/obj/usr/src/sys/GENERIC i386


>Description: This patch updates the "OS Comparison" article with the dates,
                case numbers, and names of (US) CERT advisories from January 2004
                to June 2005.
>How-To-Repeat:
>Fix:
        This article is currently being discussed on advocacy@; I decided
        to "put up" instead of being asked to "shut up" (Hi, Julian!  Keep
        up the good work! ;-)  My www tree is a few weeks old, but the website
        appears to still have the same information as my "os-comparison.sgml".

        I updated the referenced URI due to the fact that "cert.org" is no
        longer being actively updated with advisories; these seem to have moved
        to:
                 http://www.us-cert.gov/cas/techalerts/

           --- I can't speculate on what "International" users might wish
        to have listed there; this seems (to me) appropriate for most of North
        America.

        Note that I haven't made any commentary about the list, *nor have I
        enumerated the number of advisories that affect any particular OS*.
        Particularly in regard to Microsoft's offerings, the list might very
        well speak for itself.  Feel free to modify it as you wish, though.

        Instead of two "headers", there's only one; this is because of the
        nature of the content only, and not for any other reason.  We appreciate
        Murray writing this in the first place, and "hope this helps".


--- os-comparison.sgml  Mon May  9 11:06:12 2005
+++ os-comparison2.sgml Tue Jun 28 21:39:06 2005
@@ -470,37 +470,49 @@
 information and training to help improve security at Internet
 sites.<p>

-<p><strong>CERT Advisories in 2000 that affected Linux:</strong></p>
+<p><strong>CERT Advisories for 2004-early 2005, all operating systems:</strong></p>
 <ul>                                                       
-  <li>CA-2000-22 - Input Validation Problems in LPRng</li>
-  <li>CA-2000-21 - Denial-of-Service Vulnerability in TCP/IP
-  Stacks</li>
-  <li>CA-2000-20 - Multiple Denial-of-Service Problems in ISC BIND</li>
-  <li>CA-2000-17 - Input Validation Problem in rpc.statd</li>
-  <li>CA-2000-13 - Two Input Validation Problems in FTPD</li>
-  <li>CA-2000-06 - Multiple Buffer Overflows in Kerberos Authenticated
-  Services</li>
-  <li>CA-2000-03 - Continuing Compromises of DNS servers</li>
-</ul>
-
-<p><strong>CERT Advisories in 2000 that affected Windows:</strong></p>
-<ul>
-  <li>CA-2000-16 - Microsoft 'IE Script'/Access/OBJECT Tag
-  Vulnerability</li>
-  <li>CA-2000-14 - Microsoft Outlook and Outlook Express Cache Bypass
-  Vulnerability</li>
-  <li>CA-2000-12 - HHCtrl ActiveX Control Allows Local Files to be
-  Executed</li>
-  <li>CA-2000-10 - Inconsistent Warning Messages in Internet
-  Explorer</li>
-  <li>CA-2000-07 - Microsoft Office 2000 UA ActiveX Control
-  Incorrectly Marked "Safe for Scripting"</li>
-  <li>CA-2000-04 - Love Letter Worm</li>
+<li>2005-06-14 TA05-165A   Microsoft Windows and Internet Explorer Vulnerabilities</li>
+<li>2005-05-16 TA05-136A   Apple Mac OS X is affected by multiple vulnerabilities</li>
+<li>2005-04-27 TA05-117A   Oracle Products Contain Multiple Vulnerabilities</li>
+<li>2005-04-12 TA05-102A   Multiple Vulnerabilities in Microsoft Windows Components</li>
+<li>2005-02-08 TA05-039A   Multiple Vulnerabilities in Microsoft Windows Components</li>
+<li>2005-01-26 TA05-026A   Multiple Denial of Service Vulnerablities in Cisco IOS</li>
+<li>2005-01-12 TA05-012B   Microsoft Windows HTML Help ActiveX Control Cross-Domain Vulnerability</li>
+<li>2005-01-12 TA05-012A   Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing</li>
+<li>2004-12-21 TA04-356A   Exploitation of phpBB highlight parameter vulnerability</li>
+<li>2004-12-01 TA04-336A   Update Available for Microsoft Internet Explorer HTML Elements Vulnerability</li>
+<li>2004-11-11 TA04-316A   Cisco IOS Input Queue Vulnerability</li>
+<li>2004-11-10 TA04-315A   Buffer Overflow in Microsoft Internet Explorer</li>
+<li>2004-10-19 TA04-293A   Multiple Vulnerabilities in Microsoft Internet Explorer</li>
+<li>2004-09-17 TA04-261A   Multiple Vulnerabilities in Mozilla Products</li>
+<li>2004-09-16 TA04-260A   Microsoft Windows JPEG component buffer overflow</li>
+<li>2004-09-03 TA04-247A   Vulnerabilities in MIT Kerberos 5</li>
+<li>2004-09-01 TA04-245A   Multiple Vulnerabilities in Oracle Products</li>
+<li>2004-08-04 TA04-217A   Multiple Vulnerabilities in libpng</li>
+<li>2004-07-30 TA04-212A   Critical Vulnerabilities in Microsoft Windows</li>
+<li>2004-07-14 TA04-196A   Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express</li>
+<li>2004-07-02 TA04-184A   Internet Explorer Update to Disable ADODB.Stream ActiveX Control</li>
+<li>2004-06-22 TA04-174A   Multiple Vulnerabilities in ISC DHCP 3</li>
+<li>2004-06-11 TA04-163A   Cross-Domain Redirect Vulnerability in Internet Explorer</li>
+<li>2004-06-08 TA04-160A   SQL Injection Vulnerabilities in Oracle E-Business Suite</li>
+<li>2004-05-26 TA04-147A   CVS Heap Overflow Vulnerability</li>
+<li>2004-04-20 TA04-111B   Cisco IOS SNMP Message Handling Vulnerability</li>
+<li>2004-04-20 TA04-111A   Vulnerabilities in TCP</li>
+<li>2004-04-13 TA04-104A   Multiple Vulnerabilities in Microsoft Products</li>
+<li>2004-04-08 TA04-099A   Cross-Domain Vulnerability in Outlook Express MHTML Protocol Handler</li>
+<li>2004-03-18 TA04-078A   Multiple Vulnerabilities in OpenSSL</li>
+<li>2004-03-10 TA04-070A   Microsoft Outlook mailto URL Handling Vulnerability</li>
+<li>2004-02-10 TA04-041A   Multiple Vulnerabilities in Microsoft ASN.1 Library</li>
+<li>2004-02-05 TA04-036A   HTTP Parsing Vulnerabilities in Check Point Firewall-1</li>
+<li>2004-02-02 TA04-033A   Multiple Vulnerabilities in Microsoft Internet Explorer</li>
+<li>2004-01-28 TA04-028A   W32/MyDoom.B Virus</li>
+
 </ul>

 <p>For more information about CERT and potential security exploits for
 your operating system, please see <a
-href="http://www.cert.org">http://www.cert.org</a>.</p>;
+href="http://www.us-cert.gov/cas/techalerts/">http://www.us-cert.gov/cas/techalerts/</a>.</p>;

 <p>For more information about some of the enhanced security features
 of FreeBSD, please see <a
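Review bot: The new heading on the added `<p><strong>` line says "2004-early 2005", but the list under it runs through 2005-06-14 (TA05-165A) and the submission describes the range as January 2004 to June 2005; suggest wording the heading to match, for example "January 2004 to June 2005". The TA05-026A entry spells "Vulnerablities"; that should read "Vulnerabilities" unless the misspelling is in the alert's own title. The added `<li>` lines separate date, ID and title with runs of spaces, which HTML collapses to a single space, and they drop both the two-space indent and the "ID - Title" form the removed entries used; an explicit separator would keep the three fields readable. The rewritten link line still ends in `</p>;`, so the stray semicolon after the closing tag is carried over and could be dropped while that line is being changed. The added blank line before `</ul>` is not needed.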





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506290326.j5T3QUFT071784>