![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www|
Return to errata.html CVS log | Up to [local] / www |
| version 1.549, 2006/03/08 01:40:56 | version 1.550, 2006/03/08 06:57:19 | ||
|---|---|---|---|
|
|
||
| <ul> | <ul> | ||
| <li><a name="ssh"></a> | <li><a name="ssh"></a> | ||
| <font color="#009000"><strong>005: SECURITY FIX: February 12, 2006</strong></font> <i>All architectures</i><br> | None yet. | ||
| Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=system&sektion=3">system(3)</a> | |||
| function in | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> | |||
| when performing copy operations using filenames that are supplied by the user from the command line. | |||
| This can be exploited to execute shell commands with privileges of the user running | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>. | |||
| <br> | |||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"> | |||
| A source code patch exists which remedies this problem</a>.<br> | |||
| <p> | |||
| <li><a name="i386machdep"></a> | |||
| <font color="#009000"><strong>004: RELIABILITY FIX: January 13, 2006</strong></font> <i>i386 architecture</i><br> | |||
| Constrain | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=i386_set_ioperm&arch=i386&sektion=2">i386_set_ioperm(2)</a> | |||
| so even root is blocked from accessing the ioports | |||
| unless the machine is running at lower securelevels or with an open X11 aperture. | |||
| <br> | |||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/i386/004_i386machdep.patch"> | |||
| A source code patch exists which remedies this problem</a>.<br> | |||
| <p> | |||
| <li><a name="i386pmap"></a> | |||
| <font color="#009000"><strong>003: RELIABILITY FIX: January 13, 2006</strong></font> <i>i386 architecture</i><br> | |||
| Change the implementation of i386 W^X so that the "execute line" can move around. | |||
| Before it was limited to being either at 512MB (below which all code normally | |||
| lands) or at the top of the stack. Now the line can float as | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> | |||
| and | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&sektion=2">mmap(2)</a> | |||
| requests need it to. This is now implemented using only GDT selectors | |||
| instead of the LDT so that it is more robust as well. | |||
| <br> | |||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/i386/003_i386pmap.patch"> | |||
| A source code patch exists which remedies this problem</a>.<br> | |||
| <p> | |||
| <li><a name="fd"></a> | |||
| <font color="#009000"><strong>002: SECURITY FIX: January 5, 2006</strong></font> <i>All architectures</i><br> | |||
| Do not allow users to trick suid programs into re-opening files via /dev/fd. | |||
| <br> | |||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/002_fd.patch"> | |||
| A source code patch exists which remedies this problem</a>.<br> | |||
| <p> | |||
| <li><a name="perl"></a> | |||
| <font color="#009000"><strong>001: SECURITY FIX: January 5, 2006</strong></font> <i>All architectures</i><br> | |||
| A buffer overflow has been found in the Perl interpreter with the sprintf function which | |||
| may be exploitable under certain conditions. | |||
| <br> | |||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch"> | |||
| A source code patch exists which remedies this problem</a>.<br> | |||
| <p> | |||
| </ul> | </ul> | ||
| <br> | <br> |