www/errata.html - diff - 1.431

Return to errata.html CVS log

Up to [local] / www

Diff for /www/errata.html between version 1.430 and 1.431

version 1.430, 2003/02/25 01:31:30

version 1.431, 2003/03/03 17:29:34

Line 53

Line 53

<a name=all></a>

<a name=all></a>

<li><h3><font color=#e00000>All architectures</font></h3>

<li><h3><font color=#e00000>All architectures</font></h3>

<ul>

<ul>

<a name=sendmail></a>

<li><font color=#009000><strong>009: SECURITY FIX: March 3, 2003</strong></font><br>

A buffer overflow in the envelope comments processing in

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>

may allow an attacker to gain root privileges.<br>

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/009_sendmail.patch">A

source code patch exists which remedies the problem.</a>.

<p>

<a name=httpd></a>

<a name=httpd></a>

<li><font color=#009000><strong>008: SECURITY FIX: February 25, 2003</strong></font><br>

<li><font color=#009000><strong>008: SECURITY FIX: February 25, 2003</strong></font><br>

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.</br>

<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.<br>

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>.

<p>

<p>

<a name=ssl></a>

<a name=ssl></a>