| version 1.102, 1998/05/05 18:44:36 |
version 1.103, 1998/05/05 18:47:25 |
|
|
| <a name=ipsec></a> |
<a name=ipsec></a> |
| <li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
| If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
| disabled by default), a system crash may be evoked from remote. |
disabled by default), a system crash may be evoked from remote if |
| |
an attacker uses some classes of invalid packets. |
| <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <a name=xterm-xaw></a> |
<a name=xterm-xaw></a> |
| <li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
| As stated in CERT advisory VB-98.04, there are buffer |
As stated in CERT advisory VB-98.04, there are buffer |
| overrun problems in <strong>xterm</strong> |
overrun problems in <strong>xterm</strong> related to the input-Method, |
| related to the input-Method, preeditType, and *Keymap resources, and |
preeditType, and *Keymap resources. Additional buffer overruns exist in |
| buffer overruns in the <strong>Xaw</strong> |
the <strong>Xaw</strong> library related to the inputMethod and |
| library related to the inputMethod and preeditType resources. |
preeditType resources. The xterm(1) problem represents a security |
| The xterm problem represents a security vulnerability for any platform |
vulnerability for any platform where xterm is installed setuid-root |
| where xterm is installed setuid-root (as is the case for all OpenBSD |
(as is the case for all OpenBSD platforms). The Xaw problem represents |
| platforms). The Xaw problem represents a security vulnerability for |
a security vulnerability for any setuid-root program that uses the Xaw |
| any setuid-root program that uses the Xaw library (including xterm). |
library (including xterm). Patch1 from XFree86 3.3.2 corrects |
| Patch1 from XFree86 3.3.2 corrects these problems. |
these problems. |
| <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch> |
| We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>. |
We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>. |
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www