version 1.119, 1998/05/26 15:53:49 |
version 1.120, 1998/05/30 15:13:05 |
|
|
<a name=all></a> |
<a name=all></a> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<ul> |
<ul> |
|
<a name=xlib></a> |
|
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
|
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu |
|
libraries. These affect xterm and all other setuid-root programs that |
|
use these libraries. The problems are associated with buffer overflows |
|
in code that processes user-supplied data. The Xt library problems |
|
include those fixed in TOG's recent public patch 3 for X11R6.3. All |
|
releases of XFree86 up to and including 3.3.2 patch 1 and the version |
|
distributed with OpenBSD are vulnerable to some or all of these |
|
problems. |
|
These problems are fixed in |
|
<a href="http://www.xfree86.org/">XFree86</a> patch 2. A |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/XFree86-3.3.2.2.patch"> |
|
source patch</a> for these problems, specifically adapted to the |
|
OpenBSD 2.3 X11 tree is available now. |
|
<p> |
<a name=kill></a> |
<a name=kill></a> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
The kill(2) system call previously would permit a large set of signals to |
The kill(2) system call previously would permit a large set of signals to |