=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.194 retrieving revision 1.195 diff -c -r1.194 -r1.195 *** www/errata.html 1999/08/31 11:43:40 1.194 --- www/errata.html 1999/09/14 02:53:10 1.195 *************** *** 39,45 ****
  • SECURITY FIX
    In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root. ! A source code patch exists which remedies this problem.

    --- 39,45 ----

  • SECURITY FIX
    In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root. ! A source code patch exists which remedies this problem.

    *************** *** 47,59 **** The procfs and fdescfs filesystems had an overrun in their handling of uio_offset in their readdir() routines. (These filesystems are not enabled by default). ! A source code patch exists which remedies this problem.

  • SECURITY FIX
    Stop profiling (see profil(2)) when we execve() a new process. ! A source code patch exists which remedies this problem.

    --- 47,59 ---- The procfs and fdescfs filesystems had an overrun in their handling of uio_offset in their readdir() routines. (These filesystems are not enabled by default). ! A source code patch exists which remedies this problem.

  • SECURITY FIX
    Stop profiling (see profil(2)) when we execve() a new process. ! A source code patch exists which remedies this problem.

    *************** *** 61,81 **** Packets that should have been handled by IPsec may be transmitted as cleartext. PF_KEY SA expirations may leak kernel resources. A source code patch exists which remedies this problem.

  • SECURITY FIX
    In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1) to use -execdir. ! A source code patch exists which remedies this problem.

  • SECURITY FIX
    Do not permit regular users to chflags(2) or fchflags(2) on character or block devices which they may currently be the owner of. ! A source code patch exists which remedies this problem.

    --- 61,81 ---- Packets that should have been handled by IPsec may be transmitted as cleartext. PF_KEY SA expirations may leak kernel resources. A source code patch exists which remedies this problem.

  • SECURITY FIX
    In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1) to use -execdir. ! A source code patch exists which remedies this problem.

  • SECURITY FIX
    Do not permit regular users to chflags(2) or fchflags(2) on character or block devices which they may currently be the owner of. ! A source code patch exists which remedies this problem.

    *************** *** 84,118 **** to avoid various groff features which may be security issues. On the whole, this is not really a security issue, but it was discussed on BUGTRAQ as if it is. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    Programs using fts(3) could dump core when given a directory structure with a very large number of entries. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in failure to retransmit correctly. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    Retransmitted TCP packets could get corrupted when flowing over an IPSEC ESP tunnel. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    A local user can crash the system by reading a file larger than 64meg from an ext2fs partition. ! A source code patch exists which remedies this problem.

    --- 84,118 ---- to avoid various groff features which may be security issues. On the whole, this is not really a security issue, but it was discussed on BUGTRAQ as if it is. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    Programs using fts(3) could dump core when given a directory structure with a very large number of entries. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in failure to retransmit correctly. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    Retransmitted TCP packets could get corrupted when flowing over an IPSEC ESP tunnel. ! A source code patch exists which remedies this problem.

  • RELIABILITY FIX
    A local user can crash the system by reading a file larger than 64meg from an ext2fs partition. ! A source code patch exists which remedies this problem.

    *************** *** 121,127 **** system running an IPsec keymanagement daemon like photurisd or isakmpd will cause the networking subsystem to stop working after a finite amount of time. ! A source code patch exists which remedies this problem.

    --- 121,127 ---- system running an IPsec keymanagement daemon like photurisd or isakmpd will cause the networking subsystem to stop working after a finite amount of time. ! A source code patch exists which remedies this problem.

    *************** *** 193,199 ****

  • RELIABILITY FIX
    Two problems in the powerpc kernel trap handling cause severe system unreliability. ! A source code patch exists which remedies these problems.

    --- 193,199 ----

  • RELIABILITY FIX
    Two problems in the powerpc kernel trap handling cause severe system unreliability. ! A source code patch exists which remedies these problems.

    *************** *** 211,217 **** OpenBSD www@openbsd.org !
    $OpenBSD: errata.html,v 1.194 1999/08/31 11:43:40 deraadt Exp $ --- 211,217 ---- OpenBSD www@openbsd.org !
    $OpenBSD: errata.html,v 1.195 1999/09/14 02:53:10 deraadt Exp $