===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.546
retrieving revision 1.547
diff -c -r1.546 -r1.547
*** www/errata.html 2006/01/14 18:02:36 1.546
--- www/errata.html 2006/02/12 10:25:39 1.547
***************
*** 74,79 ****
--- 74,93 ----
+ -
+ 005: SECURITY FIX: February 12, 2006 all architecture
+ Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the
+ system(3)
+ function in
+ scp(1)
+ when performing copy operations using filenames that are supplied by the user from the command line.
+ This can be exploited to execute shell commands with privileges of the user running
+ scp(1).
+
+
+ A source code patch exists which remedies this problem.
+
+
-
004: RELIABILITY FIX: January 13, 2006 i386 architecture
Constrain
***************
*** 147,153 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.546 2006/01/14 18:02:36 steven Exp $