(PATCH) www/marketing/os-comparison.sgml, updates CERT advisories
Kevin Kinsey
kdk at daleco.biz
Wed Jun 29 03:26:34 GMT 2005
>Submitter-Id: current-users
>Originator: Kevin Kinsey
>Organization: DaleCo, S.P.
>Confidential: no
>Synopsis: (PATCH) www/marketing/os-comparison.sgml, updates CERT advisories
>Severity: non-critical
>Priority: medium
>Category: www
>Class: update
>Release: FreeBSD 5.3-STABLE i386
>Environment:
System: FreeBSD elisha.daleco.biz 4.11-RELEASE-p2 FreeBSD 4.11-RELEASE-p2 #4: Wed Apr 6 15:26:00 CDT 2005 root at elisha.daleco.biz:/usr/obj/usr/src/sys/GENERIC i386
>Description: This patch updates the "OS Comparison" article with the dates,
case numbers, and names of (US) CERT advisories from January 2004
to June 2005.
>How-To-Repeat:
>Fix:
This article is currently being discussed on advocacy@; I decided
to "put up" instead of being asked to "shut up" (Hi, Julian! Keep
up the good work! ;-) My www tree is a few weeks old, but the website
appears to still have the same information as my "os-comparison.sgml".
I updated the referenced URI due to the fact that "cert.org" is no
longer being actively updated with advisories; these seem to have moved
to:
http://www.us-cert.gov/cas/techalerts/
--- I can't speculate on what "International" users might wish
to have listed there; this seems (to me) appropriate for most of North
America.
Note that I haven't made any commentary about the list, *nor have I
enumerated the number of advisories that affect any particular OS*.
Particularly in regard to Microsoft's offerings, the list might very
well speak for itself. Feel free to modify it as you wish, though.
Instead of two "headers", there's only one; this is because of the
nature of the content only, and not for any other reason. We appreciate
Murray writing this in the first place, and "hope this helps".
--- os-comparison.sgml Mon May 9 11:06:12 2005
+++ os-comparison2.sgml Tue Jun 28 21:39:06 2005
@@ -470,37 +470,49 @@
information and training to help improve security at Internet
sites.<p>
-<p><strong>CERT Advisories in 2000 that affected Linux:</strong></p>
+<p><strong>CERT Advisories for 2004-early 2005, all operating systems:</strong></p>
<ul>
- <li>CA-2000-22 - Input Validation Problems in LPRng</li>
- <li>CA-2000-21 - Denial-of-Service Vulnerability in TCP/IP
- Stacks</li>
- <li>CA-2000-20 - Multiple Denial-of-Service Problems in ISC BIND</li>
- <li>CA-2000-17 - Input Validation Problem in rpc.statd</li>
- <li>CA-2000-13 - Two Input Validation Problems in FTPD</li>
- <li>CA-2000-06 - Multiple Buffer Overflows in Kerberos Authenticated
- Services</li>
- <li>CA-2000-03 - Continuing Compromises of DNS servers</li>
-</ul>
-
-<p><strong>CERT Advisories in 2000 that affected Windows:</strong></p>
-<ul>
- <li>CA-2000-16 - Microsoft 'IE Script'/Access/OBJECT Tag
- Vulnerability</li>
- <li>CA-2000-14 - Microsoft Outlook and Outlook Express Cache Bypass
- Vulnerability</li>
- <li>CA-2000-12 - HHCtrl ActiveX Control Allows Local Files to be
- Executed</li>
- <li>CA-2000-10 - Inconsistent Warning Messages in Internet
- Explorer</li>
- <li>CA-2000-07 - Microsoft Office 2000 UA ActiveX Control
- Incorrectly Marked "Safe for Scripting"</li>
- <li>CA-2000-04 - Love Letter Worm</li>
+<li>2005-06-14 TA05-165A Microsoft Windows and Internet Explorer Vulnerabilities</li>
+<li>2005-05-16 TA05-136A Apple Mac OS X is affected by multiple vulnerabilities</li>
+<li>2005-04-27 TA05-117A Oracle Products Contain Multiple Vulnerabilities</li>
+<li>2005-04-12 TA05-102A Multiple Vulnerabilities in Microsoft Windows Components</li>
+<li>2005-02-08 TA05-039A Multiple Vulnerabilities in Microsoft Windows Components</li>
+<li>2005-01-26 TA05-026A Multiple Denial of Service Vulnerablities in Cisco IOS</li>
+<li>2005-01-12 TA05-012B Microsoft Windows HTML Help ActiveX Control Cross-Domain Vulnerability</li>
+<li>2005-01-12 TA05-012A Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing</li>
+<li>2004-12-21 TA04-356A Exploitation of phpBB highlight parameter vulnerability</li>
+<li>2004-12-01 TA04-336A Update Available for Microsoft Internet Explorer HTML Elements Vulnerability</li>
+<li>2004-11-11 TA04-316A Cisco IOS Input Queue Vulnerability</li>
+<li>2004-11-10 TA04-315A Buffer Overflow in Microsoft Internet Explorer</li>
+<li>2004-10-19 TA04-293A Multiple Vulnerabilities in Microsoft Internet Explorer</li>
+<li>2004-09-17 TA04-261A Multiple Vulnerabilities in Mozilla Products</li>
+<li>2004-09-16 TA04-260A Microsoft Windows JPEG component buffer overflow</li>
+<li>2004-09-03 TA04-247A Vulnerabilities in MIT Kerberos 5</li>
+<li>2004-09-01 TA04-245A Multiple Vulnerabilities in Oracle Products</li>
+<li>2004-08-04 TA04-217A Multiple Vulnerabilities in libpng</li>
+<li>2004-07-30 TA04-212A Critical Vulnerabilities in Microsoft Windows</li>
+<li>2004-07-14 TA04-196A Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express</li>
+<li>2004-07-02 TA04-184A Internet Explorer Update to Disable ADODB.Stream ActiveX Control</li>
+<li>2004-06-22 TA04-174A Multiple Vulnerabilities in ISC DHCP 3</li>
+<li>2004-06-11 TA04-163A Cross-Domain Redirect Vulnerability in Internet Explorer</li>
+<li>2004-06-08 TA04-160A SQL Injection Vulnerabilities in Oracle E-Business Suite</li>
+<li>2004-05-26 TA04-147A CVS Heap Overflow Vulnerability</li>
+<li>2004-04-20 TA04-111B Cisco IOS SNMP Message Handling Vulnerability</li>
+<li>2004-04-20 TA04-111A Vulnerabilities in TCP</li>
+<li>2004-04-13 TA04-104A Multiple Vulnerabilities in Microsoft Products</li>
+<li>2004-04-08 TA04-099A Cross-Domain Vulnerability in Outlook Express MHTML Protocol Handler</li>
+<li>2004-03-18 TA04-078A Multiple Vulnerabilities in OpenSSL</li>
+<li>2004-03-10 TA04-070A Microsoft Outlook mailto URL Handling Vulnerability</li>
+<li>2004-02-10 TA04-041A Multiple Vulnerabilities in Microsoft ASN.1 Library</li>
+<li>2004-02-05 TA04-036A HTTP Parsing Vulnerabilities in Check Point Firewall-1</li>
+<li>2004-02-02 TA04-033A Multiple Vulnerabilities in Microsoft Internet Explorer</li>
+<li>2004-01-28 TA04-028A W32/MyDoom.B Virus</li>
+
</ul>
<p>For more information about CERT and potential security exploits for
your operating system, please see <a
-href="http://www.cert.org">http://www.cert.org</a>.</p>
+href="http://www.us-cert.gov/cas/techalerts/">http://www.us-cert.gov/cas/techalerts/</a>.</p>
<p>For more information about some of the enhanced security features
of FreeBSD, please see <a
More information about the freebsd-advocacy
mailing list