Return to errata.html CVS log | Up to [local] / www |
version 1.528, 2005/03/17 01:30:03 | version 1.529, 2005/03/30 17:18:51 | ||
---|---|---|---|
|
|
||
<a name="vax"></a> | <a name="vax"></a> | ||
<ul> | <ul> | ||
<li><a name="telnet"></a> | |||
<font color="#009000"><strong>014: SECURITY FIX: March 30, 2005</strong></font> <i>All architectures</i><br> | |||
Due to buffer overflows in | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">telnet(1)</a> | |||
, a malicious server or man-in-the-middle attack could allow execution of | |||
arbitrary code with the privileges of the user invoking | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">telnet(1)</a> | |||
. | |||
<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/014_telnet.patch"> | |||
A source code patch exists which remedies this problem</a>.<br> | |||
<p> | |||
<li><a name="sack"></a> | |||
<font color="#009000"><strong>013: RELIABILITY FIX: March 30, 2005</strong></font> <i>All architectures</i><br> | |||
Bugs in the | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">tcp(4)</a> | |||
stack can lead to memory exhaustion or processing of TCP segments with | |||
invalid SACK options and cause a system crash. | |||
<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/013_sack.patch"> | |||
A source code patch exists which remedies this problem</a>.<br> | |||
<p> | |||
<li><a name="copy"></a> | <li><a name="copy"></a> | ||
<font color="#009000"><strong>012: SECURITY FIX: March 16, 2005</strong></font> <strong>amd64 only</strong><br> | <font color="#009000"><strong>012: SECURITY FIX: March 16, 2005</strong></font> <strong>amd64 only</strong><br> | ||
More stringent checking should be done in the | More stringent checking should be done in the |