Urgent Network Maintenance scheduled for 10/14/2007 (fwd)

Previous thread: The NetBSD 1.6 Release Process has begun! by Todd Vierling on Tuesday, May 28, 2002 - 10:50 am. (19 messages)

Next thread: Summary of Changes to the NetBSD Packages Collection in June 2002 by Alistair Crooks on Thursday, July 25, 2002 - 12:08 pm. (14 messages)
Date: Saturday, February 1, 2003 - 1:58 pm

The NetBSD project is pleased to welcome the following new developers:

* David Laight (dsl@netbsd.org), who will be working on miscellaneous tasks.
* Takeshi Nakayama (nakayama@netbsd.org), who will be working on kernel
debugging, the sparc, sparc64, i386 and hpcmips ports.
* Angelos Keromytis (angelos@netbsd.org), who will be working on
cryptography in NetBSD.
* Takayoshi Kochi (kochi@netbsd.org), who will be working on ACPI and
the i386 port.
* Naoto Shimazaki (igy@netbsd.org), who will be working on the evbarm
and evbmips ports.

Welcome aboard!

--
http://www.netbsd.org -
Multiarchitecture OS, no hype required.

To: <netbsd-announce@...>
Date: Monday, April 21, 2008 - 5:43 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Announcing NetBSD and the Google "Summer of Code" Projects 2008

April 21, 2008 - For the fourth consecutive year, the NetBSD Project is
proud to participate in Google's "Summer of Code" program as a mentoring
organization and is pleased to announce the list of projects that have
been accepted for this summer. As in previous years, the task of
selecting a limited number of projects from over 50 student applications
wasn't easy. With almost as many mentors signed up as student
applications, ranking was done based on a number of criteria such as a
student's knowledge, interest and enthusiasm, the scope and detail of the
proposal, the likeliness of the project succeeding, etc.

In the end, the following projects were selected, listed in alphabetical
order by the student's last name:

1. Project: Implement Ext3 file system support
Student: Rus-Rebreanu Alin-Florin
Mentor: Alistair Crooks

2. Project: Create an in-kernel API for "packet classes"
Student: Anish
Mentor: Herb Peyerl

3. Project: File system access utilities
Student: Ysmal Arnaud
Mentor: Antti Kantee

4. Project: wscons: Expansion for wstablet in NetBSD
Student: Jason W. Beaudoin
Mentor: Petra Zeidler

5. Project: Subfile Support for NetBSD
Student: Adam Burkepile
Mentor: Philip Nelson

6. Project: Hurd translators
Student: Marek Dopiera
Mentor: Aymeric Vincent

7. Project: Write and improve NetBSD LVM driver
Student: Adam Hamsik
Mentor: Brett Lymn

8. Project: Implementation of RFC4380 (Teredo) in NetBSD
Student: Arnaud Lacombe
Mentor: David Young

9. Project: Add support for UVC devices (USB web-cams)
Student: Patrick Mahoney
Mentor: Jared D. McNeill

10. Project: DVB drivers and kernel framework
Student: Jeremy Morse
Mentor: Jared D. McNeill

11. Project: pkgsrc: rewrite wr...

Date: Tuesday, July 22, 2003 - 1:27 pm

Hello,

As you may already know, the NetBSD Project has decided to upgrade
its aging CVS server machine in order to provide better service.

We have already purchased a new server that has a 2.4GHz xeon,
hardware raid, dual gigabit ethernet, 5 x 36GB drives, a PC-Weasel,
and 4GB of ram. It cost the project approximately $6K, so we are
soliciting donations to pay for it.

You can submit donations via http://www.paypal.com to paypal@netbsd.org,
or contact finance-exec@netbsd.org for an address to send a check to.

We thank you in advance for your support,

christos

For the NetBSD Foundation, Inc. Board of Directors

Date: Tuesday, February 10, 2004 - 8:17 pm

The Board of Directors of The NetBSD Foundation would like to thank
everyone who contributed time, money, and effort into providing the
new CVS server (ivanova.netbsd.org).

In particular, we'd like to thank:
* Wasabi Systems Inc., Middle Digital Inc., Andrew Brown,
Ed Richley, and Christos Zoulas for their generous donations.
* Thor Lancelot Simon and the administration team members for
specifying, configuring, and setting up the machine.
* Paul Vixie and Internet Systems Consortium, Inc. (ISC)
for hosting the new server.

For the technically inclined, the configuration is:
* 2400 MHz Pentium 4
* 4 GB Memory
* Adaptec ASR-2200S Raid controller
* 5 x 36 GB 10000 RPM SCSI drives
* PC Weasel PCI

The new CVS server has made CVS operations at least 10 times quicker,
and so NetBSD development has been immensely helped by this new server.

For more information about donations to The NetBSD Foundation:
http://www.NetBSD.org/donations/

--
Luke Mewburn <lukem@NetBSD.org>, on behalf of
The Board of Directors of The NetBSD Foundation <board@NetBSD.org>

Date: Tuesday, January 11, 2005 - 1:28 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Quarterly Status Report - 2004Q4

NetBSD is an actively developed operating system. With fifty-four
different system architectures in total and binary support of over 48
architectures in our last official release (NetBSD 2.0), our widely
portable Packages Collection ``pkgsrc'' and large userbase there is a
lot going on within the project. In order to allow our users to
follow the most important changes over the last few months, we provide
a brief summary in these official status reports on a regular basis.
These status reports are suitable for reproduction and publication in
part or in whole as long as the source is clearly indicated.

-Jan Schaumann <jschauma@NetBSD.org>

October - December 2004:

The last three months of 2004 were full of exciting developments
within the NetBSD Project. Not only did the new official NetBSD Logo
get announced (with all the hoopla and discussions about the choice
this bikeshed-prone topic solicits), but we also released the much
anticipated NetBSD 2.0 and the pkgsrc team created a new stable
branch, pkgsrc-2004Q4.

But the last quarter also brought some problems: the 2.0 release went
through several Release Candidates in October and November before the
final release was unfortunately held back by a hardware failure of the
main release engineering server. Together with the recent failure of
the anoncvs server this meant significant expenses for this volunteer
project. If you would like to help us out with a tax-deductible
donation, please contact <finance-exec@NetBSD.org>.

This and other news from the fourth quarter of 2004 within NetBSD in
details below:

Administrative:
- releng.NetBSD.org down [20041019]
- anoncvs down due to random memory corruption [20041223]
- New Developers [20050101]

Miscellaneous:
- EuroBSDCon [20041029]
- New Logo [20041030]
- NetBSD 2.0 released [20041209]
- NetBSD Live CD runs contest [20041119]

pkgsrc:
- New support...

To: <netbsd-announce@...>
Date: Sunday, October 14, 2007 - 9:23 am

Dear NetBSD Users,

ISC is NetBSD's main ISP for all our primary services, and they've dropped
us a note that there's some limited outage to expect today:

``ISC will be performing urgent network maintenance on Sunday, October
14th starting at 1200 Pacific Time and is expected to last for up to
three hours. During this maintenance window, there will be a period of
up to 30 minutes where we expect a serious network disruption across
ISC's SF Bay Area network as we replace a core router at one of our
locations. Your reachability to your systems here (or to your internet
connection) will be impacted.

[...]

Apologies for the short notice on such a disruptive maintenance, it is
something we wish to have avoided, even on a weekend, but at least the
new router will provide additional stability and growth as we (ISC)
expand our network backbone capacity. ;)''

Have a nice day!

- Hubert

Date: Friday, May 20, 2005 - 1:06 pm

The anonymous CVS server will be unavailable for much of tomorrow, May 21
2005, while we rework and simplify its configuration. Among other less
immediately obvious benefits we hope this will allow us to begin offering
anonymous CVS access over IPv6.

Sorry about the short notice -- this was supposed to happen earlier in the
week, with more notice, but other pressing matters repeatedly stole its
time, and we'd like to get it done this week; we begin to lose some of our
admin manpower as the summer academic sessions start up at most U.S.
universities over the next couple of weeks.

--
Thor Lancelot Simon tls@rek.tjls.com

"The inconsistency is startling, though admittedly, if consistency is to be
abandoned or transcended, there is no problem." - Noam Chomsky

Date: Wednesday, September 7, 2005 - 4:08 pm

On behalf of the NetBSD Release Engineering team, I'm happy to announce
that the release process for NetBSD 2.1 has begun. Those of you
paying close attention will notice that NetBSD 2.1 RC3 is available
in the "daily builds" section of your local FTP mirror (in the
/pub/NetBSD-daily/netbsd-2-1-RC3 directory on most mirrors), and we
encourage you to test it out and report any major bugs using
send-pr(1). (For those interested in details, 2.1 RC1 and RC2 were
not announced publicly because of build problems on some supported
platforms)

We expect to have RC4 available on FTP mirrors in about a week, and we
expect this to be the final release candidate - which means the final
release of 2.1 is approximately three weeks away if all goes well.
We appreciate your patience and support which we hope will make this
the best NetBSD release to date!


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2005-003
=================================

Topic: F_CLOSEM local denial of service

Version: NetBSD-current: source prior to January 12, 2005
NetBSD 2.1: not affected
NetBSD 2.0.2: not affected
NetBSD 2.0: affected
NetBSD 1.6.*: not affected

Severity: Local Denial-of-Service

Fixed: NetBSD-current: January 12, 2005
NetBSD-2-0 branch: March 16, 2005
(2.0.2 includes the fix)
NetBSD-2 branch: March 16, 2005
(2.1 includes the fix)

Abstract
========

A bug in the way the file descriptor table of a process is manipulated
can be triggered by calling the F_CLOSEM fcntl() with the parameter 0,
which means "close all opened file descriptors".

The result of the bug is that the kernel will loop endlessly,
effectively locking up the computer.

Any local user can trigger the bug.

Technical Details
=================

The F_CLOSEM fcntl() call takes a parameter and makes the kernel close
all file descriptors of the process whose number is greater or equal to
the parameter.

fd_lastfile in the process's descriptor table keeps track of the last file
descriptor index used by the process, and its value is maintained by
find_last_set(). A change in find_last_set() that made it return 0 and not
-1 (like it used to) when no files were used caused an infinite loop in
the kernel, leading to local denial-of-service triggerable by any user.

Solutions and Workarounds
=========================

There is no workaround for this issue. It is recommended that users of
affected NetBSD versions upgrade their kernel.

The following instructions describe how to upgrade your kernel by updating
your source tree and rebuilding and installing a new version of the
kernel.

* NetBSD-current:

Systems running NetBSD-current dated from before 2005-01-12
should be upgraded to NetBSD-current dated 2005-01-13 or later.

The following files need to be updated from the
netbs...
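The loop the advisory describes, modelled in a short added C example (this is not NetBSD kernel code: the bitmask descriptor table, the find_last_set() helper and the closem() loop are simplified stand-ins for the kernel's structures). It shows why the return value for an empty table matters: with -1, F_CLOSEM with parameter 0 terminates once every descriptor is closed, while the 0 return value leaves fd_lastfile >= 0 forever. The iteration cap exists only so the buggy variant cannot hang the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

#define NSLOTS 64   /* toy table: one bit per descriptor slot */

/* Simplified stand-in for the kernel's per-process descriptor table. */
struct fdtable {
    uint64_t open;      /* bit i set => descriptor i is open */
    int      lastfile;  /* fd_lastfile: highest open descriptor, -1 if none */
};

/* Correct contract: index of the highest open descriptor, or -1 when
 * the table is empty. */
static int find_last_set(uint64_t bits) {
    for (int i = NSLOTS - 1; i >= 0; i--)
        if (bits & ((uint64_t)1 << i))
            return i;
    return -1;
}

/* Variant with the behaviour the advisory blames: 0 instead of -1
 * for an empty table. */
static int find_last_set_buggy(uint64_t bits) {
    int last = find_last_set(bits);
    return last < 0 ? 0 : last;
}

static void fd_close(struct fdtable *t, int fd, int (*fls)(uint64_t)) {
    t->open &= ~((uint64_t)1 << fd);
    t->lastfile = fls(t->open);
}

/* Model of F_CLOSEM: close every descriptor >= minfd, working down
 * from fd_lastfile. Returns the number of loop iterations; 'cap'
 * bounds the loop only so the buggy variant cannot hang this demo. */
static int closem(struct fdtable *t, int minfd, int (*fls)(uint64_t), int cap) {
    int iters = 0;
    while (t->lastfile >= minfd) {
        if (++iters > cap)
            return iters;          /* the kernel has no such bail-out */
        fd_close(t, t->lastfile, fls);
    }
    return iters;
}

/* Three open descriptors (0, 1, 2), then F_CLOSEM with parameter 0. */
static int demo_closem(int use_buggy) {
    struct fdtable t = { .open = 0x7, .lastfile = 2 };
    return closem(&t, 0, use_buggy ? find_last_set_buggy : find_last_set, 100);
}

int main(void) {
    printf("fixed : %d iterations\n", demo_closem(0));          /* 3 */
    printf("buggy : %d iterations (capped)\n", demo_closem(1)); /* 101 */
    return 0;
}
```

With the correct helper the loop runs once per open descriptor and stops when fd_lastfile drops to -1; with the buggy helper, closing descriptor 0 leaves fd_lastfile at 0, the condition 0 >= 0 stays true, and only the artificial cap ends the loop.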

To: <netbsd-announce@...>
Date: Tuesday, October 14, 2008 - 5:36 pm

Announcing NetBSD 4.0.1

About the NetBSD 4.0.1 Release

The NetBSD Project is pleased to announce that update 4.0.1 of the
NetBSD operating system is now available. NetBSD 4.0.1 is the first
security/critical update of the NetBSD 4.0 release branch. This
represents a selected subset of fixes deemed critical in nature for
stability or security reasons, no new features have been added.

NetBSD 4.0.1 runs on 54 different system architectures featuring 17
machine architectures across 17 distinct CPU families, and is being
ported to more. The NetBSD 4.0.1 release contains complete binary
releases for 51 different machine types, with the platforms amigappc,
bebox and ews4800mips released in source form only. Complete source
and binaries for NetBSD 4.0.1 are available for download at many sites
around the world. A list of download sites providing FTP, AnonCVS,
SUP, and other services is provided at the end of this announcement;
the latest list of available download sites may also be found at
http://www.NetBSD.org/mirrors/. We encourage users who wish to install
via a CD-ROM ISO image to download via BitTorrent by using the torrent
files supplied in the ISO image area. A list of hashes for the NetBSD
4.0.1 distribution has been signed with the well-connected PGP key for
the NetBSD Security Officer:
ftp://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-4.0.1_hashes.asc

Please note that all fixes in security/critical updates (i.e., NetBSD
4.0.1, 4.0.2, etc) are cumulative, so the latest update contains all
such fixes since the corresponding minor release. These fixes will
also appear in future minor releases (i.e., NetBSD 4.1, 4.2, etc),
together with other less-critical fixes and feature enhancements.

NetBSD is free. All of the code is under non-restrictive licenses, and
may be used without paying royalties to anyone. Free support services
are available via our mailing lists...

To: NetBSD Announcements <netbsd-announce@...>
Date: Tuesday, July 28, 2009 - 5:52 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2009-012
=================================

Topic: SHA2 implementation potential buffer overflow

Version: NetBSD-current: affected prior to 2009-05-26
NetBSD 5.0: affected
NetBSD 4.0.*: affected
NetBSD 4.0: affected

Severity: Denial of Service

Fixed: NetBSD-current: May 26, 2009
NetBSD-5-0 branch: Jul 11, 2009
NetBSD-5 branch: Jul 11, 2009
NetBSD-4-0 branch: Jul 22, 2009
NetBSD-4 branch: Jul 22, 2009

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

An error initializing a SHA2 context causes vulnerable applications using
libcrypto to suffer from a 4- or 8-byte buffer overflow (for SHA256 and
SHA512 correspondingly) with fixed content, potentially causing
applications to crash.

Technical Details
=================

A program using the SHA2 implementation from sys/sha2.h in NetBSD and
linking against libcrypto is vulnerable to a 4- or 8-byte buffer
overflow (for SHA256 and SHA512 correspondingly) with fixed content.

The overflow occurs at the time the hash init function is called (e.g.
SHA256_Init). The init functions then pass the wrong size for the
context as an argument to the memset function which then overwrites
4 bytes of the memory buffer located after the one holding the context.

In the NetBSD base system, this affects the libssh library as well as
the pkg_install framework. In libssh, the overflow occurs on the heap
of the program using it, in pkg_install a stack overflow occurs.

Solutions and Workarounds
=========================

A workaround for this issue for programs in the NetBSD base system
is to disable SHA256 as an HMAC for the secure shell and to avoid
using the audit facility as well as signed packages.

To determine whether or not a package is signed, run the command

% tar tzf package.tgz

on the package. If the first ...
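An added C example (not NetBSD or libcrypto code) that reproduces the failure mode in the Technical Details above and shows how to detect it. The context layout is an assumed one modelled on common SHA-2 implementations, and the "+ 4" in the buggy init is a stand-in for the size disagreement the advisory describes, not its actual origin; the init is then run on a context placed in front of sentinel bytes, and the number of clobbered sentinel bytes is counted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout of a SHA-256 context as the calling program sees it.
 * This is a model, not NetBSD's sys/sha2.h. */
typedef struct {
    uint32_t state[8];
    uint64_t bitcount;
    uint8_t  buffer[64];
} sha256_ctx_t;

static const uint32_t SHA256_IV[8] = {
    0x6a09e667u, 0xbb67ae85u, 0x3c6ef372u, 0xa54ff53au,
    0x510e527fu, 0x9b05688cu, 0x1f83d9abu, 0x5be0cd19u
};

/* Init that clears 4 bytes more than the caller's object holds, which
 * reproduces the 4-byte fixed-content (zero) overflow the advisory
 * describes for SHA256. The "+ 4" models the size disagreement only. */
static void sha256_init_buggy(sha256_ctx_t *ctx) {
    memset(ctx, 0, sizeof(*ctx) + 4);
    memcpy(ctx->state, SHA256_IV, sizeof SHA256_IV);
}

/* Corrected init: the size is taken from the object being written. */
static void sha256_init_fixed(sha256_ctx_t *ctx) {
    memset(ctx, 0, sizeof(*ctx));
    memcpy(ctx->state, SHA256_IV, sizeof SHA256_IV);
}

/* Runs an init routine on a context that sits directly in front of
 * sentinel bytes and returns how many sentinel bytes were clobbered. */
static int bytes_overflowed(void (*init)(sha256_ctx_t *)) {
    _Alignas(8) unsigned char storage[sizeof(sha256_ctx_t) + 16];
    int clobbered = 0;

    memset(storage, 0xA5, sizeof storage);      /* sentinel pattern */
    init((sha256_ctx_t *)storage);

    for (size_t i = sizeof(sha256_ctx_t); i < sizeof storage; i++)
        if (storage[i] != 0xA5)
            clobbered++;
    return clobbered;
}

int main(void) {
    printf("buggy init clobbers %d byte(s) past the context\n",
           bytes_overflowed(sha256_init_buggy));   /* 4 */
    printf("fixed init clobbers %d byte(s) past the context\n",
           bytes_overflowed(sha256_init_fixed));   /* 0 */
    return 0;
}
```

The same sentinel technique applies to any library routine suspected of writing past a caller-supplied buffer; whether the 4 bytes of zeros land on a heap neighbour or on stack data (as the advisory notes for libssh and pkg_install respectively) decides whether the effect is a crash or silent corruption.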

Date: Friday, March 31, 2006 - 6:43 am

The pkgsrc-2006Q1 Branch
========================

The pkgsrc developers are very proud to announce the new pkgsrc-2006Q1
branch, which has support for more packages than previous branches.
As well as updated versions of many packages, the infrastructure of
pkgsrc itself has been improved for better platform and compiler
support, and also for enhanced security.

At the same time, the pkgsrc-2005Q4 branch has been deprecated, and
continuing engineering starts on the pkgsrc-2006Q1 branch.

Some highlights of the new pkgsrc-2006Q1 branch are:

+ many, many packages have been updated to newer versions, to take
  advantage of fixes and improved functionality. This includes

    + firefox-1.5.0.1
    + gnome-2.12.2
    + kde-3.5.1
    + opera-8.52
    + perl-5.8.7
    + postgresql 8.1.3
    + thunderbird-1.5
    + X.org 6.9

+ the addition of some pertinent bright, shiny packages such
  as apache-tomcat-5.5.14, cdrtools, nagios, qt4, strace,
  sunbird, and suse 10 packages better to support Linux
  emulation.

+ a considerable number of fixes for much better DragonFly BSD
  operation, which will also benefit a lot of pkgsrc platforms,
  with thanks to Joerg Sonnenberger

The full list of platforms supported by pkgsrc is: AIX, BSD/OS,
Darwin (Mac OS X), DragonFly BSD, FreeBSD, IRIX, Interix, Linux, NetBSD,
OSF1, OpenBSD, SunOS (Solaris), and UnixWare. We would like to add
support for more - please get in touch if you, too, are interested.

+ following DragonFly BSD's adoption of pkgsrc as their packaging
system, Joerg Sonnenberger has made a lot of changes, which include a
number of modifications for packages which use POSIX threading
libraries, and also enhanced support for gcc 3.4 and above

+ a number of changes in pkgsrc's infrastructure have been introduced,
including improvements in the PLIST handling, the ongoing work to
validate PLISTs automatically, especially during bulk builds, and the
improvements in the pkginstall framework, most noticeably
font-handling.

+ continuing engi...

Subject: Google Summer of Code now open
Date: Monday, May 1, 2006 - 3:30 pm
From: Jan Schaumann <jschauma@netbsd.org>
To: netbsd-announce@netbsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

This is a reminder that the Google Summer of Code 2006 has now
officially opened up and students' applications are accepted. The
NetBSD Project is proud to be a participating mentoring organization
once again and has compiled a list of possible projects at
http://www.NetBSD.org/contrib/projects.html. This website has been
updated frequently in the last couple of days, but it remains
non-exhaustive.

If you are interested in applying for one of these projects -- or if you
have an idea for another project altogether -- please take your time to
discuss your idea with the NetBSD community on the relevant mailing
list. Remember, applications are *not* accepted on a first-come,
first-serve basis, so the more feedback you get on your project
proposal, the better your application will be, increasing your chances
of being accepted!

When you do prepare your application, please take a look at
http://www.NetBSD.org/contrib/soc-application.html, where we have listed
a few of the q...


Changes to the NetBSD Packages Collection in April 2002.
========================================================

[For a full list of changes, please consult the tech-pkg@netbsd.org
mailing list - agc]

By my calculations, there were 2808 packages in the Packages
Collection at the end of April, up 79 from 2729 at the end of March.

Matthias added some new SuSE 7.3 Linux emulation packages, and these
work much better in -current with the old SuSE 6.4 packages, which have
been retained for those of us not running -current. Thanks, Matthias.

Notable additions to the Packages Collection include: ald, ap-gzip,
autoconf-devel, bbsload, bonobo-activation, ccache, ce,
createbuildlink (good try, Rene, but airportbasestationconfig is still
the best package name so far), crimson, cwtext, dgd, emacs21, ettercap,
gmplayer, gnome-mime-types, id3v2, jam, jasmin, kdeaddons, libIDL,
libmcrypt, libtar, linc, locator, magic, mozilla-fonts (thanks,
Thomas), mp3asm, musicbrainz, nttcp, onyx, opera-plugins, ORBit2,
various perl5 modules, some python bindings and documentation, some R
plugins (thanks, Mark), rewind, rox, snort-pgsql, TeXmacs, tk-Tix,
ttftot42, ve, wwl, xanalyser, xmftp, xnap, xrmftp.

Notable updates include: abiword-personal (this has become very
useful for me - thanks, Martti), adzap, some apache modules, apache2,
aribas, arla, audit-packages, cpuflags, curl, dap, esound, ethereal,
fetchmail (thanks, Thorsten), fileutils, flac, fluxbox, fvwm2, galeon,
gcc-ssp, gkrellm-snmp, gmp, gnumeric, graphviz, grpn, grub, gtk2,
gtkballs, gtm, htmlfix, hugs, if-psprint, ipa, ipv6calc, ircII,
isakmpd, jakarta-ant, jasper, jdbc-postgresql, keychain, kth-krb4,
lftp, libIDL, libmpeg3, libxml2, linc, lsof, lyx, mozilla, mtv, neon,
netsaint, nsd, openssh, opera6, ORBit and ORBit2, various perl5
modules, pchar, pim6dd, pim6sd, pkgchk, pkgdiff, pkglint, popa3d,
postfix, postgresql and related packages, python 2.1 and 2.2, R,
racoon, rconfig, scrollkeeper, sdig, skill, skipstone, snort, spim,
teapop...


Summary of Changes to the NetBSD Packages Collection in May 2002
================================================================

[Apologies once again for the lateness of this mail. For a full list
of changes, please refer to the current-users mailing list. - agc]

92 packages were added in May, whilst 2 were removed, which by my
estimates, mean that there were 2898 packages in the packages
collection at the end of May, there being 2808 at the end of April.

The main change is the addition of the kde3 packages, with many thanks
to Nick Hudson for his excellent work. Also notable are some of the changes
that Amitai Schlair has made better to support Darwin.

Notable additions include: upclient, acidlaunch, algae, a development
meta-package for Amanda, arts, cg, cilk, conserver, cxunzip, dbz-ttf,
diction, dlcompat for Darwin (thanks, Amitai), dvipdfm, efax-gtk,
elinks, emacs21-nox11, epic4-doc, euler, fam, ftpproxy, fxtv-capture,
GConf2, generator, gimp-print-cups, gnet, gri, htmldoc, http_load,
imapfilter, intltool, jini, joos, kde3 and related packages,
lambdamoo, lbreakout2, leim, libart2, libirman, lmme, lpairs, ltris,
mailsync, marbles, mencoder, mkfontalias, mkfontscale, molden,
mpegaudio, mpeg123-nas, mplayer-share (thanks, Bernd), nullmailer,
oggasm, oto, p11, p5-Font-TTF, projclock, qiv, rioutil, rootprobe,
some rox utilities, sather (thanks, Jason), solid-pop3d, spiralsynth,
sun-jdk14 and sun-jre14 (thanks, Jan), text2rtf, w3m-img, xchrono,
xmms-mad, xrick, yrolo, and zile.

Notable updates include: adzap, analog, bind 8 and 9, bochs, bonobo
components, bwbasic, ccache, cdpack, chemtool, claraocr,
createbuildlink, disc-cover, ekg, esound, etach, etcupdate, fxtv,
gaim, galeon, gauche, gdk-pixbuf and gdk-pixbuf-gnome, geda utils,
gerbv, some gimp plugins and drivers, gkrellm, glib, glib2, gmplayer,
gnetlist, gnome-games, gnu-go, gnupg, gqmpeg, grpn, gschem, gsl,
gsymcheck, guppi, gwave, hdf, htmldoc, icecast, irssi, isearch, jam,
jwhois, lame, latex2html, lftp, libdvdread,...

To: <netbsd-announce@...>
Date: Saturday, May 30, 2009 - 2:56 am

In keeping with NetBSD's policy of supporting only the current (5.x) and
next most recent (4.x) release branches, the release of 5.0 marks the end
of life for the 3.x branches. We have provided an extra month of support
for 3.x in order to give people time to migrate their machines to a newer
release, and this one month period will be part of our support policy in
the future.

The following branches will no longer be maintained:
netbsd-3-0
netbsd-3-1
netbsd-3

This means:
- There will be no more pullups to the branches (even for security issues)
- There will be no security advisories made for any of the 3.x releases
- The existing 3.x releases on ftp.NetBSD.org will be moved into
/pub/NetBSD-archive/

Soren


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetBSD Security Advisory 2006-023
=================================

Topic: OpenSSL RSA Signature Forgery

Version: NetBSD-current: source prior to September 06, 2006
NetBSD 4.0_BETA: affected
NetBSD 3.1_RC3: not affected
NetBSD 3.0.*: affected
NetBSD 3.0: affected
NetBSD 2.1: affected
NetBSD 2.0.*: affected
NetBSD 2.0: affected
pkgsrc: openssl-0.9.7inb1 and earlier

Severity: Forgery of RSA certificates

Fixed: NetBSD-current: September 06, 2006
NetBSD-4 branch: September 08, 2006
(4.0 will include the fix)
NetBSD-3-0 branch: September 08, 2006
(3.0.2 will include the fix)
NetBSD-3 branch: September 08, 2006
(3.1 will include the fix)
NetBSD-2-1 branch: September 08, 2006
NetBSD-2-0 branch: September 08, 2006
NetBSD-2 branch: September 08, 2006
pkgsrc: openssl-0.9.7inb2 corrects the issue

Abstract
========

OpenSSL contains a vulnerability in the validation of PKCS #1 v1.5
signatures. If a certificate signed by an RSA key with a public
exponent of 3 is used it may be possible for an attacker to present an
alternate certificate with forged PKCS #1 v1.5 signature which OpenSSL
would also report as valid.

This vulnerability has been assigned CVE reference CVE-2006-4339.

Technical Details
=================

When verifying a PKCS#1 v1.5 signature OpenSSL was not checking for
excess data at the end of the signed hash. By carefully choosing
additional data after the hash, an attacker could construct an
alternate certificate with arbitrary contents that would be validated
as correctly signed.

Details of the attack are discussed in the following post by Hal
Finney to the cryptography mailing list:

http://marc.theaimsgroup.com/?l=cryptography&m=115694833312008

In addition to OpenSSL, a number of other cryptographic library
implementations suffered from similar vulnerabilities. These include
those in the Opera and Mozilla family of web bro...
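The missing check from the Technical Details above, shown on the PKCS#1 v1.5 encoded message (EM) alone, as an added C example that is neither OpenSSL nor NetBSD code. Both verifiers parse the 00 01 FF..FF 00 DigestInfo prefix with the same helper; the lax one compares the hash and ignores whatever follows it, the strict one additionally requires the hash to end exactly where EM ends. The EM, the hash value and the trailing filler bytes are constructed here; the RSA operation that recovers EM from a signature is left out, since the defect lies in how EM is parsed afterwards.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER DigestInfo prefix for SHA-1 (RFC 3447, section 9.2, note 1). */
static const uint8_t SHA1_DIGESTINFO[] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};
#define SHA1_LEN 20

/* Checks that EM begins 00 01 FF..FF 00 <DigestInfo> and returns the
 * offset of the hash bytes, or -1 on any structural error. Both
 * verifiers share this; they differ only in what they do afterwards. */
static int parse_prefix(const uint8_t *em, size_t emlen) {
    size_t i;
    if (emlen < 2 + 8 + 1 + sizeof SHA1_DIGESTINFO + SHA1_LEN)
        return -1;
    if (em[0] != 0x00 || em[1] != 0x01)
        return -1;
    for (i = 2; i < emlen && em[i] == 0xFF; i++)
        ;
    if (i - 2 < 8)                       /* PS must be at least 8 bytes */
        return -1;
    if (i >= emlen || em[i] != 0x00)     /* separator after PS */
        return -1;
    i++;
    if (emlen - i < sizeof SHA1_DIGESTINFO + SHA1_LEN)
        return -1;
    if (memcmp(em + i, SHA1_DIGESTINFO, sizeof SHA1_DIGESTINFO) != 0)
        return -1;
    return (int)(i + sizeof SHA1_DIGESTINFO);
}

/* Lax verifier, modelling the behaviour the advisory describes: the hash
 * is compared and whatever follows it in EM is never examined. */
static int verify_lax(const uint8_t *em, size_t emlen, const uint8_t *hash) {
    int off = parse_prefix(em, emlen);
    if (off < 0)
        return 0;
    return memcmp(em + off, hash, SHA1_LEN) == 0;
}

/* Strict verifier: the hash must end exactly at the end of EM, which
 * also forces PS to fill the whole gap. Excess data is rejected. */
static int verify_strict(const uint8_t *em, size_t emlen, const uint8_t *hash) {
    int off = parse_prefix(em, emlen);
    if (off < 0)
        return 0;
    if ((size_t)off + SHA1_LEN != emlen)
        return 0;
    return memcmp(em + off, hash, SHA1_LEN) == 0;
}

/* Constructed EM for a 1024-bit key (k = 128 bytes). With with_trailing
 * = 0 the encoding is well-formed; otherwise PS is shortened and 40
 * filler bytes follow the hash. Returns the verdict of the chosen verifier. */
static int demo_case(int with_trailing, int strict) {
    uint8_t hash[SHA1_LEN], em[128];
    size_t k = sizeof em, trailing = with_trailing ? 40 : 0;
    size_t tlen = sizeof SHA1_DIGESTINFO + SHA1_LEN;
    size_t pslen = k - 3 - tlen - trailing, p = 0;

    for (int i = 0; i < SHA1_LEN; i++)      /* constructed hash value */
        hash[i] = (uint8_t)(i * 7 + 1);

    em[p++] = 0x00;
    em[p++] = 0x01;
    memset(em + p, 0xFF, pslen);            p += pslen;
    em[p++] = 0x00;
    memcpy(em + p, SHA1_DIGESTINFO, sizeof SHA1_DIGESTINFO);
    p += sizeof SHA1_DIGESTINFO;
    memcpy(em + p, hash, SHA1_LEN);         p += SHA1_LEN;
    memset(em + p, 0x42, trailing);         p += trailing;   /* excess data */

    return strict ? verify_strict(em, p, hash) : verify_lax(em, p, hash);
}

int main(void) {
    printf("well-formed EM : lax=%d strict=%d\n", demo_case(0, 0), demo_case(0, 1));
    printf("EM with excess : lax=%d strict=%d\n", demo_case(1, 0), demo_case(1, 1));
    return 0;
}
```

The lax verifier accepts both inputs, the strict one accepts only the well-formed encoding. Rejecting any EM whose parsed structure does not account for every byte is the general rule; it removes the freely chosen region that the advisory's forgery depends on.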
