=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.354 retrieving revision 1.355 diff -c -r1.354 -r1.355 *** www/errata.html 2001/09/12 13:52:39 1.354 --- www/errata.html 2001/10/22 22:09:53 1.355 *************** *** 1,7 ****
! The patches below are available in CVS via the
! OPENBSD_2_9
patch branch.
For more detailed information on install patches to OpenBSD, please --- 36,42 ---- This file is updated once a day.
The patches below are available in CVS via the
! OPENBSD_3_0
patch branch.
For more detailed information on install patches to OpenBSD, please *************** *** 46,204 ****
!
!
!
!
!
!
!
! A security hole exists in lpd(8)
! that may allow an attacker with line printer access to gain root
! privileges. A machine must be running lpd to be vulnerable (OpenBSD
! does not start lpd by default). Only machines with line printer
! access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
! may be used to mount an attack.
!
! A source code patch exists which remedies the problem
!
! A security hole exists in sendmail(8)
! that may allow an attacker on the local host to gain root privileges by
! specifying out-of-bounds debug parameters.
!
! A source code patch exists which remedies the problem
!
! A kernel buffer overflow exists in the NFS mount code. An attacker may
! use this overflow to execute arbitrary code in kernel mode. However,
! only users with mount(2)
! privileges can initiate this attack. In default installs, only super-user has
! mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
!
! A source code patch exists which remedies the problem
!
! The
! packages(7)
! subsystem incorrectly accepts some package dependencies as okay (see
! packages-specs(7)
! for details).
!
! A source code patch exists which remedies the problem,
! by forcing /usr/sbin/pkg
to be more careful in checking
! version numbers.
!
! twe(4)
! mishandles the DMA mapping resulting in a kernel panic on unaligned data
! transfers, induced by programs such as
! disklabel(8)
! and
! dump(8).
!
! A source code patch exists which remedies the problem.
! This is the second version of the patch.
!
! A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
!
! A source code patch exists which remedies the problem.
!
! sshd(8)
! allows users to delete arbitrary files named "cookies" if X11
! forwarding is enabled. X11 forwarding is disabled by default.
!
! A source code patch exists which remedies the problem.
!
! pwd_mkdb(8)
! corrupts /etc/pwd.db when modifying an existing user.
!
! A source code patch exists which remedies the problem.
!
! isakmpd(8)
! will fail to use a certificate with an identity string that is
! exactly N * 8 bytes long.
!
! A source code patch exists which remedies the problem.
!
! The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true.
! In fact, the XFree86 included for all architectures is 4.0.3. On the i386, the
! 3.3.6 Xservers have also been included, because 4.0.3 still has weak support for
! some devices which 3.3.6 supported better.
!
! Programs using the fts(3)
! routines (such as rm, find, and most programs that take a -R
! flag) can be tricked into changing into the wrong directory if the
! parent dir is changed out from underneath it. This is similar to
! the old fts bug but happens when popping out of directories, as
! opposed to descending into them.
!
! A source code patch exists which remedies the problem.
! This is the second version of the patch.
!
! The signal handlers in sendmail(8) contain code that is unsafe in the
! context of a signal handler. This leads to potentially serious
! race conditions. At the moment this is a theoretical attack only
! and can only be exploited on the local host (if at all).
! A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
!
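Review bot: In the first hunk, the unchanged context line beside the OPENBSD_2_9 to OPENBSD_3_0 change reads "For more detailed information on install patches to OpenBSD"; while this paragraph is being touched, correct it to "on installing patches". Only the label text of the branch name is visible in this diff, so also check that any link target behind it was updated together with the label.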
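Review bot: The old side of the 46,204 hunk takes every 2.9 erratum off this page, including the root-level security entries (lpd, the sendmail debug parameters, the NFS mount kernel overflow, the execve/ptrace race), and nothing visible here shows where they end up. Confirm the entries are carried on a release-specific page before they leave errata.html, so that machines still running 2.9 can find the source patches. If the text is moved rather than deleted, note that the lpd, sendmail and NFS mount entries end "A source code patch exists which remedies the problem" without a period while the later entries have one; make the punctuation consistent in the destination.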