(PATCH) www/marketing/os-comparison.sgml, updates CERT advisories

Kevin Kinsey kdk at daleco.biz
Wed Jun 29 03:26:34 GMT 2005

>Submitter-Id:  current-users
>Originator:    Kevin Kinsey
>Organization:  DaleCo, S.P.
>Confidential:  no
>Synopsis:      (PATCH) www/marketing/os-comparison.sgml, updates CERT advisories
>Severity:      non-critical
>Priority:      medium
>Category:      www
>Class:         update
>Release:       FreeBSD 5.3-STABLE i386
System: FreeBSD elisha.daleco.biz 4.11-RELEASE-p2 FreeBSD 4.11-RELEASE-p2 #4: Wed Apr 6 15:26:00 CDT 2005 root at elisha.daleco.biz:/usr/obj/usr/src/sys/GENERIC i386

>Description: This patch updates the "OS Comparison" article with the dates,
                case numbers, and names of (US) CERT advisories from January 2004
                to June 2005.
        This article is currently being discussed on advocacy@; I decided
        to "put up" instead of being asked to "shut up" (Hi, Julian!  Keep
        up the good work! ;-)  My www tree is a few weeks old, but the website
        appears to still have the same information as my "os-comparison.sgml".

        I updated the referenced URI due to the fact that "cert.org" is no
        longer being actively updated with advisories; these seem to have moved

           --- I can't speculate on what "International" users might wish
        to have listed there; this seems (to me) appropriate for most of North

        Note that I haven't made any commentary about the list, *nor have I
        enumerated the number of advisories that affect any particular OS*.
        Particularly in regard to Microsoft's offerings, the list might very
        well speak for itself.  Feel free to modify it as you wish, though.

        Instead of two "headers", there's only one; this is because of the
        nature of the content only, and not for any other reason.  We appreciate
        Murray writing this in the first place, and "hope this helps".

--- os-comparison.sgml  Mon May  9 11:06:12 2005
+++ os-comparison2.sgml Tue Jun 28 21:39:06 2005
@@ -470,37 +470,49 @@
 information and training to help improve security at Internet

-<p><strong>CERT Advisories in 2000 that affected Linux:</strong></p>
+<p><strong>CERT Advisories for 2004-early 2005, all operating systems:</strong></p>
-  <li>CA-2000-22 - Input Validation Problems in LPRng</li>
-  <li>CA-2000-21 - Denial-of-Service Vulnerability in TCP/IP
-  Stacks</li>
-  <li>CA-2000-20 - Multiple Denial-of-Service Problems in ISC BIND</li>
-  <li>CA-2000-17 - Input Validation Problem in rpc.statd</li>
-  <li>CA-2000-13 - Two Input Validation Problems in FTPD</li>
-  <li>CA-2000-06 - Multiple Buffer Overflows in Kerberos Authenticated
-  Services</li>
-  <li>CA-2000-03 - Continuing Compromises of DNS servers</li>
-<p><strong>CERT Advisories in 2000 that affected Windows:</strong></p>
-  <li>CA-2000-16 - Microsoft 'IE Script'/Access/OBJECT Tag
-  Vulnerability</li>
-  <li>CA-2000-14 - Microsoft Outlook and Outlook Express Cache Bypass
-  Vulnerability</li>
-  <li>CA-2000-12 - HHCtrl ActiveX Control Allows Local Files to be
-  Executed</li>
-  <li>CA-2000-10 - Inconsistent Warning Messages in Internet
-  Explorer</li>
-  <li>CA-2000-07 - Microsoft Office 2000 UA ActiveX Control
-  Incorrectly Marked "Safe for Scripting"</li>
-  <li>CA-2000-04 - Love Letter Worm</li>
+<li>2005-06-14 TA05-165A   Microsoft Windows and Internet Explorer Vulnerabilities</li>
+<li>2005-05-16 TA05-136A   Apple Mac OS X is affected by multiple vulnerabilities</li>
+<li>2005-04-27 TA05-117A   Oracle Products Contain Multiple Vulnerabilities</li>
+<li>2005-04-12 TA05-102A   Multiple Vulnerabilities in Microsoft Windows Components</li>
+<li>2005-02-08 TA05-039A   Multiple Vulnerabilities in Microsoft Windows Components</li>
+<li>2005-01-26 TA05-026A   Multiple Denial of Service Vulnerablities in Cisco IOS</li>
+<li>2005-01-12 TA05-012B   Microsoft Windows HTML Help ActiveX Control Cross-Domain Vulnerability</li>
+<li>2005-01-12 TA05-012A   Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing</li>
+<li>2004-12-21 TA04-356A   Exploitation of phpBB highlight parameter vulnerability</li>
+<li>2004-12-01 TA04-336A   Update Available for Microsoft Internet Explorer HTML Elements Vulnerability</li>
+<li>2004-11-11 TA04-316A   Cisco IOS Input Queue Vulnerability</li>
+<li>2004-11-10 TA04-315A   Buffer Overflow in Microsoft Internet Explorer</li>
+<li>2004-10-19 TA04-293A   Multiple Vulnerabilities in Microsoft Internet Explorer</li>
+<li>2004-09-17 TA04-261A   Multiple Vulnerabilities in Mozilla Products</li>
+<li>2004-09-16 TA04-260A   Microsoft Windows JPEG component buffer overflow</li>
+<li>2004-09-03 TA04-247A   Vulnerabilities in MIT Kerberos 5</li>
+<li>2004-09-01 TA04-245A   Multiple Vulnerabilities in Oracle Products</li>
+<li>2004-08-04 TA04-217A   Multiple Vulnerabilities in libpng</li>
+<li>2004-07-30 TA04-212A   Critical Vulnerabilities in Microsoft Windows</li>
+<li>2004-07-14 TA04-196A   Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express</li>
+<li>2004-07-02 TA04-184A   Internet Explorer Update to Disable ADODB.Stream ActiveX Control</li>
+<li>2004-06-22 TA04-174A   Multiple Vulnerabilities in ISC DHCP 3</li>
+<li>2004-06-11 TA04-163A   Cross-Domain Redirect Vulnerability in Internet Explorer</li>
+<li>2004-06-08 TA04-160A   SQL Injection Vulnerabilities in Oracle E-Business Suite</li>
+<li>2004-05-26 TA04-147A   CVS Heap Overflow Vulnerability</li>
+<li>2004-04-20 TA04-111B   Cisco IOS SNMP Message Handling Vulnerability</li>
+<li>2004-04-20 TA04-111A   Vulnerabilities in TCP</li>
+<li>2004-04-13 TA04-104A   Multiple Vulnerabilities in Microsoft Products</li>
+<li>2004-04-08 TA04-099A   Cross-Domain Vulnerability in Outlook Express MHTML Protocol Handler</li>
+<li>2004-03-18 TA04-078A   Multiple Vulnerabilities in OpenSSL</li>
+<li>2004-03-10 TA04-070A   Microsoft Outlook mailto URL Handling Vulnerability</li>
+<li>2004-02-10 TA04-041A   Multiple Vulnerabilities in Microsoft ASN.1 Library</li>
+<li>2004-02-05 TA04-036A   HTTP Parsing Vulnerabilities in Check Point Firewall-1</li>
+<li>2004-02-02 TA04-033A   Multiple Vulnerabilities in Microsoft Internet Explorer</li>
+<li>2004-01-28 TA04-028A   W32/MyDoom.B Virus</li>

 <p>For more information about CERT and potential security exploits for
 your operating system, please see <a

 <p>For more information about some of the enhanced security features
 of FreeBSD, please see <a

More information about the freebsd-advocacy mailing list