Bug 82761

Summary: (PATCH) www/marketing/os-comparison.sgml, updates CERT advisories
Product: Documentation
Component: Books & Articles
Reporter: Kevin Kinsey <kdk>
Assignee: Remko Lodder <remko>
CC: advocacy
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Latest
Hardware: Any
OS: Any

Description Kevin Kinsey 2005-06-29 04:30:28 UTC
This patch updates the "OS Comparison" article with the dates,
case numbers, and names of (US) CERT advisories from January 2004
to June 2005.

Fix: This article is currently being discussed on advocacy@; I decided
        to "put up" instead of being asked to "shut up" (Hi, Julian!  Keep
        up the good work! ;-)  My www tree is a few weeks old, but the website
        appears to still have the same information as my "os-comparison.sgml".

        I updated the referenced URI due to the fact that "cert.org" is no
        longer being actively updated with advisories; these seem to have moved
        to:
                 http://www.us-cert.gov/cas/techalerts/

           --- I can't speculate on what "International" users might wish
        to have listed there; this seems (to me) appropriate for most of North
        America.

        Note that I haven't made any commentary about the list, *nor have I
        enumerated the number of advisories that affect any particular OS*.
        Particularly in regard to Microsoft's offerings, the list might very
        well speak for itself.  Feel free to modify it as you wish, though.

        Instead of two "headers", there's only one; this is because of the
        nature of the content only, and not for any other reason.  We appreciate
        Murray writing this in the first place, and "hope this helps".




-<p><strong>CERT Advisories in 2000 that affected Linux:</strong></p>
+<p><strong>CERT Advisories for 2004-early 2005, all operating systems:</strong></p>
 <ul>                                                       
-  <li>CA-2000-22 - Input Validation Problems in LPRng</li>
-  <li>CA-2000-21 - Denial-of-Service Vulnerability in TCP/IP
-  Stacks</li>
-  <li>CA-2000-20 - Multiple Denial-of-Service Problems in ISC BIND</li>
-  <li>CA-2000-17 - Input Validation Problem in rpc.statd</li>
-  <li>CA-2000-13 - Two Input Validation Problems in FTPD</li>
-  <li>CA-2000-06 - Multiple Buffer Overflows in Kerberos Authenticated
-  Services</li>
-  <li>CA-2000-03 - Continuing Compromises of DNS servers</li>
-</ul>
-
-<p><strong>CERT Advisories in 2000 that affected Windows:</strong></p>
-<ul>
-  <li>CA-2000-16 - Microsoft 'IE Script'/Access/OBJECT Tag
-  Vulnerability</li>
-  <li>CA-2000-14 - Microsoft Outlook and Outlook Express Cache Bypass
-  Vulnerability</li>
-  <li>CA-2000-12 - HHCtrl ActiveX Control Allows Local Files to be
-  Executed</li>
-  <li>CA-2000-10 - Inconsistent Warning Messages in Internet
-  Explorer</li>
-  <li>CA-2000-07 - Microsoft Office 2000 UA ActiveX Control
-  Incorrectly Marked "Safe for Scripting"</li>
-  <li>CA-2000-04 - Love Letter Worm</li>
+<li>2005-06-14 TA05-165A   Microsoft Windows and Internet Explorer Vulnerabilities</li>
+<li>2005-05-16 TA05-136A   Apple Mac OS X is affected by multiple vulnerabilities</li>
+<li>2005-04-27 TA05-117A   Oracle Products Contain Multiple Vulnerabilities</li>
+<li>2005-04-12 TA05-102A   Multiple Vulnerabilities in Microsoft Windows Components</li>
+<li>2005-02-08 TA05-039A   Multiple Vulnerabilities in Microsoft Windows Components</li>
+<li>2005-01-26 TA05-026A   Multiple Denial of Service Vulnerablities in Cisco IOS</li>
+<li>2005-01-12 TA05-012B   Microsoft Windows HTML Help ActiveX Control Cross-Domain Vulnerability</li>
+<li>2005-01-12 TA05-012A   Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing</li>
+<li>2004-12-21 TA04-356A   Exploitation of phpBB highlight parameter vulnerability</li>
+<li>2004-12-01 TA04-336A   Update Available for Microsoft Internet Explorer HTML Elements Vulnerability</li>
+<li>2004-11-11 TA04-316A   Cisco IOS Input Queue Vulnerability</li>
+<li>2004-11-10 TA04-315A   Buffer Overflow in Microsoft Internet Explorer</li>
+<li>2004-10-19 TA04-293A   Multiple Vulnerabilities in Microsoft Internet Explorer</li>
+<li>2004-09-17 TA04-261A   Multiple Vulnerabilities in Mozilla Products</li>
+<li>2004-09-16 TA04-260A   Microsoft Windows JPEG component buffer overflow</li>
+<li>2004-09-03 TA04-247A   Vulnerabilities in MIT Kerberos 5</li>
+<li>2004-09-01 TA04-245A   Multiple Vulnerabilities in Oracle Products</li>
+<li>2004-08-04 TA04-217A   Multiple Vulnerabilities in libpng</li>
+<li>2004-07-30 TA04-212A   Critical Vulnerabilities in Microsoft Windows</li>
+<li>2004-07-14 TA04-196A   Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express</li>
+<li>2004-07-02 TA04-184A   Internet Explorer Update to Disable ADODB.Stream ActiveX Control</li>
+<li>2004-06-22 TA04-174A   Multiple Vulnerabilities in ISC DHCP 3</li>
+<li>2004-06-11 TA04-163A   Cross-Domain Redirect Vulnerability in Internet Explorer</li>
+<li>2004-06-08 TA04-160A   SQL Injection Vulnerabilities in Oracle E-Business Suite</li>
+<li>2004-05-26 TA04-147A   CVS Heap Overflow Vulnerability</li>
+<li>2004-04-20 TA04-111B   Cisco IOS SNMP Message Handling Vulnerability</li>
+<li>2004-04-20 TA04-111A   Vulnerabilities in TCP</li>
+<li>2004-04-13 TA04-104A   Multiple Vulnerabilities in Microsoft Products</li>
+<li>2004-04-08 TA04-099A   Cross-Domain Vulnerability in Outlook Express MHTML Protocol Handler</li>
+<li>2004-03-18 TA04-078A   Multiple Vulnerabilities in OpenSSL</li>
+<li>2004-03-10 TA04-070A   Microsoft Outlook mailto URL Handling Vulnerability</li>
+<li>2004-02-10 TA04-041A   Multiple Vulnerabilities in Microsoft ASN.1 Library</li>
+<li>2004-02-05 TA04-036A   HTTP Parsing Vulnerabilities in Check Point Firewall-1</li>
+<li>2004-02-02 TA04-033A   Multiple Vulnerabilities in Microsoft Internet Explorer</li>
+<li>2004-01-28 TA04-028A   W32/MyDoom.B Virus</li>
+
 </ul>

 <p>For more information about CERT and potential security exploits for
 your operating system, please see <a
-href="http://www.cert.org">http://www.cert.org</a>.</p>
+href="http://www.us-cert.gov/cas/techalerts/">http://www.us-cert.gov/cas/techalerts/</a>.</p>

 <p>For more information about some of the enhanced security features
 of FreeBSD, please see <a--k7YemSO3wgA3s1sYRfnnrYi7pqoAbo7A8Cx6gGLeVbSvqcIS

--- os-comparison.sgml  Mon May  9 11:06:12 2005
+++ os-comparison2.sgml Tue Jun 28 21:39:06 2005
@@ -470,37 +470,49 @@
 information and training to help improve security at Internet
 sites.<p>
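Review bot: The new heading reads "CERT Advisories for 2004-early 2005, all operating systems", but the list runs through 2005-06-14 (TA05-165A) and includes entries that are not operating systems (Oracle products, phpBB, Mozilla, Check Point Firewall-1), so the heading should state the actual range (January 2004 to June 2005) and either drop "all operating systems" or say the list is the complete set of Technical Alerts for that period. In the entries themselves, the TA05-026A line spells "Vulnerablities"; check it against the advisory title and correct it if the typo is ours. The added `<li>` lines lose the two-space indentation the removed items had and several run well past the width of the surrounding lines, so they should be indented and wrapped like the old list. The runs of spaces between the advisory ID and the title collapse to one space when rendered; a single space, or the " - " separator the old "CA-2000-22 - ..." entries used, gives the same output with less noise. The empty `+` line before `</ul>` can be dropped.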
Comment 1 Remko Lodder freebsd_committer freebsd_triage 2005-07-09 15:33:55 UTC
Responsible Changed
From-To: freebsd-www->remko

I will handle this.
Comment 2 Remko Lodder freebsd_committer freebsd_triage 2005-07-19 20:11:00 UTC
State Changed
From-To: open->closed

I updated the article as you requested.
I had some difficulties applying your patch so I used the information from
the patch to make the "new" article.

I modified your patch a little to meet up with style requirements
(72 chars and indentation) and I changed the double spaces in the
CERT listing to single spaces since the double spaces were ignored
by HTML.

Thanks for the submission! You should be able to see the changes within 
24 hours.