Return to errata.html CVS log | Up to [local] / www |
version 1.321, 2001/04/10 16:05:48 | version 1.322, 2001/04/23 22:12:17 | ||
---|---|---|---|
|
|
||
<a name=all></a> | <a name=all></a> | ||
<li><h3><font color=#e00000>All architectures</font></h3> | <li><h3><font color=#e00000>All architectures</font></h3> | ||
<ul> | <ul> | ||
<a name=ipf_frag></a> | |||
<li><font color=#009000><strong>027: SECURITY FIX: Apr 23, 2001</strong></font><br> | |||
IPF has a serious problem with fragment cacheing, the bug is triggered if you use the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipf&sektion=5">ipf(5)</a> syntax "keep state".<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/027_ipf-frag.patch">A source code patch exists which remedies the problem.</a><br> | |||
<p> | |||
<a name=glob_limit></a> | |||
<li><font color=#009000><strong>026: SECURITY FIX: Apr 23, 2001</strong></font><br> | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">ftpd(8)</a> has a potential DoS related to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">glob(3)</a>. This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have <a href="#glob">025_glob.patch</a> installed before installing this patch.<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/026_globlimit.patch">A source code patch exists which remedies the problem.</a><br> | |||
<p> | |||
<a name=glob></a> | <a name=glob></a> | ||
<li><font color=#009000><strong>025: SECURITY FIX: Apr 10, 2001</strong></font><br> | <li><font color=#009000><strong>025: SECURITY FIX: Apr 10, 2001</strong></font><br> | ||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">glob(3)</a> contains multiple buffer overflows. <br> | <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">glob(3)</a> contains multiple buffer overflows. <br> |