version 1.316, 2001/03/03 16:57:44 |
version 1.317, 2001/03/18 18:18:46 |
|
|
<a name=all></a> |
<a name=all></a> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<ul> |
<ul> |
|
<a name=readline></a> |
|
<li><font color=#009000><strong>024: SECURITY FIX: Mar 18, 2001</strong></font><br> |
|
The readline library shipped with OpenBSD allows history files creation with |
|
a permissive umask. This can lead to the leakage of sensitive information |
|
in applications that use passwords and the like during user interaction |
|
(one such application is mysql). |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch">A source code patch exists which remedies the problem.</a><br> |
|
<p> |
<a name=ipsec_ah></a> |
<a name=ipsec_ah></a> |
<li><font color=#009000><strong>023: SECURITY FIX: Mar 2, 2001</strong></font><br> |
<li><font color=#009000><strong>023: SECURITY FIX: Mar 2, 2001</strong></font><br> |
Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default. |
Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun leading to a remote DoS. This option is not on by default. |
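Review bot: The new 024 readline entry says history files are created with a permissive umask, but it gives no guidance for history files that already exist on disk. Since the stated risk is leakage of passwords typed into applications such as mysql, consider adding a sentence telling users to check and tighten the permissions of existing history files after applying the patch. Wording nit in the same entry: "allows history files creation with a permissive umask" would read more clearly as "creates history files with a permissive umask".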