=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.383 retrieving revision 1.384 diff -c -r1.383 -r1.384 *** www/errata.html 2002/04/11 18:48:31 1.383 --- www/errata.html 2002/04/16 18:33:07 1.384 *************** *** 1,7 ****
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
- Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2,
- a source code patch exists which remedies these problems.
- This is the second version of this patch.
-
! If the Postfix sendmail replacement is installed on a system an
! attacker may be able to gain root privileges on the local host via
! sudo(8) which runs the mailer as root with an environment inherited
! from the invoking user. While this is a bug in sudo it is not
! believed to be possible to exploit when sendmail (the mailer that
! ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes
! the mailer an environment that is not subject to influence from the
! invoking user.
! A source code patch exists which remedies the problem.
!
! Systems running with IP-in-IP encapulation can be made to crash by
! malformed packets.
! A source code patch exists which remedies the problem.
!
! A security issue exists in the lpd daemon that may allow an attacker
! to create arbitrary new files in the root directory. Only machines
! with line printer access (ie: listed in either /etc/hosts.lpd or
! /etc/hosts.equiv) may be used to mount an attack and the attacker
! must have root access on the machine. OpenBSD does not start lpd
! in the default installation.
! A source code patch exists which remedies the problem.
!
! A security issue exists in the vi.recover script that may allow an attacker
! to remove arbitrary zero-length files, regardless of ownership.
!
! A source code patch exists which remedies the problem.
!
! pf(4)
! was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
!
! A source code patch exists which remedies the problem.
!
! sshd(8)
! is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
!
!
! By default, OpenSSH KerberosV support only becomes active after KerberosV
! has been properly configured.
! UseLogin
! sshd option
!
boot cd:,OFWBOOT /3.0/macppc/bsd.rd
! !
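Review bot: The new IP-in-IP entry misspells "encapsulation" as "encapulation"; please fix that before this goes live. In the lpd entry, "the attacker must have root access on the machine" does not say which machine. The preceding clause suggests it is the host listed in /etc/hosts.lpd or /etc/hosts.equiv, so "must have root access on that machine" would remove the ambiguity. Smaller style points in the same hunk: "ie:" reads better as "i.e.," and "ipv6 icmp" in the pf(4) entry should be capitalised as "IPv6 ICMP". The sudo entry says 1.6.5 is the version that passes the mailer a clean environment; it would help readers to state that the source patch gives the same behaviour, or say so if it does not.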