version 1.102, 1998/05/05 18:44:36 |
version 1.103, 1998/05/05 18:47:25 |
|
|
<a name=ipsec></a> |
<a name=ipsec></a> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
disabled by default), a system crash may be evoked from remote. |
disabled by default), a system crash may be evoked from remote if |
|
an attacker uses some classes of invalid packets. |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<a name=xterm-xaw></a> |
<a name=xterm-xaw></a> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
As stated in CERT advisory VB-98.04, there are buffer |
As stated in CERT advisory VB-98.04, there are buffer |
overrun problems in <strong>xterm</strong> |
overrun problems in <strong>xterm</strong> related to the input-Method, |
related to the input-Method, preeditType, and *Keymap resources, and |
preeditType, and *Keymap resources. Additional buffer overruns exist in |
buffer overruns in the <strong>Xaw</strong> |
the <strong>Xaw</strong> library related to the inputMethod and |
library related to the inputMethod and preeditType resources. |
preeditType resources. The xterm(1) problem represents a security |
The xterm problem represents a security vulnerability for any platform |
vulnerability for any platform where xterm is installed setuid-root |
where xterm is installed setuid-root (as is the case for all OpenBSD |
(as is the case for all OpenBSD platforms). The Xaw problem represents |
platforms). The Xaw problem represents a security vulnerability for |
a security vulnerability for any setuid-root program that uses the Xaw |
any setuid-root program that uses the Xaw library (including xterm). |
library (including xterm). Patch1 from XFree86 3.3.2 corrects |
Patch1 from XFree86 3.3.2 corrects these problems. |
these problems. |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch> |
We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>. |
We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>. |
<p> |
<p> |