024: SECURITY FIX: Mar 18, 2001
! The readline library shipped with OpenBSD allows history files creation
! with a permissive
! umask(2).
! This can lead to the leakage of sensitive information in applications
! that use passwords and the like during user interaction (one such
! application is mysql).
! A source code patch exists which remedies the problem.
!
!
!
023: SECURITY FIX: Mar 2, 2001
! Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default.
! A source code patch exists which remedies the problem.
!
020: IMPLEMENTATION FIX: Feb 15, 2001
! Client side ident protocol was broken in libwrap, affecting anything using libwrap including tcpd. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.
! A source code patch exists which remedies the problem.
!
018: SECURITY FIX: Jan 29, 2001
! Merge named
! with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears
! that these were already impossible to exploit beforehands).
! A source code patch exists which remedies the problem.
!
014: SECURITY FIX: Dec 22, 2000
! Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.
! A source code patch exists which remedies the problem.
!
! In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at /usr/X11R6/bin/xlock
! and chmod 4755 /usr/X11R6/bin/xlock.
!
008: SECURITY FIX: Dec 7, 2000
- Two problems have recently been discovered in the KerberosIV code.
- 1. A symlink problem was discovered in the KerberosIV password checking
- routines /usr/bin/su and /usr/bin/login, which makes it possible for a
- local user to overwrite any file on the local machine.
- 2. It is possible to specify environment variables in telnet
- which will be passed over the to the remote host. This makes it
- possible to set environment variables on the remote side, including
- ones that have special meaning on the server. It is not clear at this
- time what the impact is, but we recommend everyone to upgrade their
- machines immediately.
022: SECURITY FIX: Mar 2, 2001
! The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory. This option is not on by default.
! A source code patch exists which remedies the problem.
006: STABILITY FIX: Dec 4, 2000
! On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
! kernel hang while probing PCI devices. If you have this symptom, you can disable
! PCIBIOS as a workaround. To do this,
!
!
Enter the User Kernel Configuration by booting with the
! option "boot -c".
!
Once at the UKC> prompt, enter
! UKC> disable pcibios
! UKC> quit
!
!
See FAQ 5.6 after a successful
! boot for instructions on how to re-write your kernel to disable PCIBIOS
! permanently.
!
!
mac68k
!
!
007: INSTALL PROBLEM: Dec 4, 2000
! The X packages
! share28.tgz
! and
! font28.tgz
! were not on the CD, and only available via FTP install. These packages can be
! added post-install by using the following command:
!
! # cd /; tar xvfpz xshare28.tgz
! # cd /; tar xvfpz xfont28.tgz
!
sparc
!
!
007: INSTALL PROBLEM: Dec 4, 2000
! The X packages
! share28.tgz
! and
! font28.tgz
! were not on the CD, and only available via FTP install. These packages can be
! added post-install by using the following command:
!
! # cd /; tar xvfpz xshare28.tgz
! # cd /; tar xvfpz xfont28.tgz
!
007: INSTALL PROBLEM: Dec 4, 2000
! The X packages
! share28.tgz
! and
! font28.tgz
! were not on the CD, and only available via FTP install. These packages can be
! added post-install by using the following command:
!
! # cd /; tar xvfpz xshare28.tgz
! # cd /; tar xvfpz xfont28.tgz
!
--- 47,83 ----
All architectures
!
No problems identified yet.
i386
!
No problems identified yet.
!
!
!
alpha
!
!
No problems identified yet.
mac68k
!
No problems identified yet.
sparc
!
No problems identified yet.
amiga
!
No problems identified yet.
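Review bot: A reader still running the affected release loses the pointer to the source patches for SECURITY FIX 008, 014, 018, 022, 023 and 024 once the old side of this hunk gives way to the new side at 47-83, which carries only "No problems identified yet." under every architecture. Nothing in the visible lines says where those entries (or 006, 007 and 020) now live. If this is the reset for a new release, the same change should link from this page to the archived errata for the previous release, and the commit message should name that page.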
***************
*** 293,338 ****
hp300
!
!
007: INSTALL PROBLEM: Dec 4, 2000
! The X packages
! share28.tgz
! and
! font28.tgz
! were not on the CD, and only available via FTP install. These packages can be
! added post-install by using the following command:
!
! # cd /; tar xvfpz xshare28.tgz
! # cd /; tar xvfpz xfont28.tgz
!
mvme68k
!
!
007: INSTALL PROBLEM: Dec 4, 2000
! The X packages
! share28.tgz
! and
! font28.tgz
! were not on the CD, and only available via FTP install. These packages can be
! added post-install by using the following command:
!
! # cd /; tar xvfpz xshare28.tgz
! # cd /; tar xvfpz xfont28.tgz
!
powerpc
!
!
012: INSTALL PROBLEM: Dec 14, 2000
! The IMac DV+ (and probably some other machines) incorrectly identify their video
! hardware, but it is possible to work around the problem.
!
! A source code patch exists which remedies the problem.
--- 89,107 ----
hp300
!
No problems identified yet.
mvme68k
!
No problems identified yet.
powerpc
!
No problems identified yet.
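Review bot: The 007 INSTALL PROBLEM text removed under hp300 and mvme68k names the packages share28.tgz and font28.tgz, while the commands beneath it extract xshare28.tgz and xfont28.tgz. If these entries are carried over to an archived errata page, make the file names agree there so the instructions can be followed as written. The powerpc 012 entry, as shown here, says a workaround is possible without stating it; the archived copy should either describe the workaround or drop that clause.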
***************
*** 344,361 ****
sun3
!
!
007: INSTALL PROBLEM: Dec 4, 2000
! The X packages
! share28.tgz
! and
! font28.tgz
! were not on the CD, and only available via FTP install. These packages can be
! added post-install by using the following command:
!
! # cd /; tar xvfpz xshare28.tgz
! # cd /; tar xvfpz xfont28.tgz
!