Return to errata.html CVS log | Up to [local] / www |
version 1.549, 2006/03/08 01:40:56 | version 1.550, 2006/03/08 06:57:19 | ||
---|---|---|---|
<ul> | <ul> | ||
<li><a name="ssh"></a> | <li><a name="ssh"></a> | ||
<font color="#009000"><strong>005: SECURITY FIX: February 12, 2006</strong></font> <i>All architectures</i><br> | None yet. | ||
Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=system&sektion=3">system(3)</a> | |||
function in | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> | |||
when performing copy operations using filenames that are supplied by the user from the command line. | |||
This can be exploited to execute shell commands with privileges of the user running | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>. | |||
<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"> | |||
A source code patch exists which remedies this problem</a>.<br> | |||
<p> | |||
<li><a name="i386machdep"></a> | |||
<font color="#009000"><strong>004: RELIABILITY FIX: January 13, 2006</strong></font> <i>i386 architecture</i><br> | |||
Constrain | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=i386_set_ioperm&arch=i386&sektion=2">i386_set_ioperm(2)</a> | |||
so even root is blocked from accessing the ioports | |||
unless the machine is running at lower securelevels or with an open X11 aperture. | |||
<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/i386/004_i386machdep.patch"> | |||
A source code patch exists which remedies this problem</a>.<br> | |||
<p> | |||
<li><a name="i386pmap"></a> | |||
<font color="#009000"><strong>003: RELIABILITY FIX: January 13, 2006</strong></font> <i>i386 architecture</i><br> | |||
Change the implementation of i386 W^X so that the "execute line" can move around. | |||
Before it was limited to being either at 512MB (below which all code normally | |||
lands) or at the top of the stack. Now the line can float as | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> | |||
and | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&sektion=2">mmap(2)</a> | |||
requests need it to. This is now implemented using only GDT selectors | |||
instead of the LDT so that it is more robust as well. | |||
<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/i386/003_i386pmap.patch"> | |||
A source code patch exists which remedies this problem</a>.<br> | |||
<p> | |||
<li><a name="fd"></a> | |||
<font color="#009000"><strong>002: SECURITY FIX: January 5, 2006</strong></font> <i>All architectures</i><br> | |||
Do not allow users to trick suid programs into re-opening files via /dev/fd. | |||
<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/002_fd.patch"> | |||
A source code patch exists which remedies this problem</a>.<br> | |||
<p> | |||
<li><a name="perl"></a> | |||
<font color="#009000"><strong>001: SECURITY FIX: January 5, 2006</strong></font> <i>All architectures</i><br> | |||
A buffer overflow has been found in the Perl interpreter with the sprintf function which | |||
may be exploitable under certain conditions. | |||
<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch"> | |||
A source code patch exists which remedies this problem</a>.<br> | |||
<p> | |||
</ul> | </ul> | ||
<br> | <br> |
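Review bot: the 1.550 column keeps the list item with name="ssh" directly in front of the new "None yet." text, so the placeholder still carries the anchor of the removed 005 scp(1) entry and any link to #ssh now lands on "None yet."; drop that anchor from the placeholder item. The same change deletes entries 001 through 005 along with the anchors i386machdep, i386pmap, fd and perl and every link to the patches/3.8/ files. Three of those are SECURITY FIX entries, so confirm that all five are preserved on a page for the release they apply to before they are removed here, and say so in the commit message.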