version 1.365, 2001/12/13 19:01:39 |
version 1.366, 2001/12/13 19:35:15 |
|
|
<a name=all></a> |
<a name=all></a> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<ul> |
<ul> |
|
<a name=ipip> |
|
<li><font color=#009000><strong>010: RELIABILITY FIX: December 13, 2001</strong></font><br> |
|
Systems running with IP-in-IP encapulation can be made to crash by |
|
malformed packets.<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/010_ipip.patch">A source code patch exists which remedies the problem</a>. |
<a name=lpd> |
<a name=lpd> |
|
<p> |
<li><font color=#009000><strong>008: SECURITY FIX: November 28, 2001</strong></font><br> |
<li><font color=#009000><strong>008: SECURITY FIX: November 28, 2001</strong></font><br> |
A security issue exists in the lpd daemon that may allow an attacker |
A security issue exists in the lpd daemon that may allow an attacker |
to create arbitrary new files in the root directory. Only machines |
to create arbitrary new files in the root directory. Only machines |
with line printer access (ie: listed in either /etc/hosts.lpd or |
with line printer access (ie: listed in either /etc/hosts.lpd or |
/etc/hosts.equiv) may be used to mount an attack and the attacker |
/etc/hosts.equiv) may be used to mount an attack and the attacker |
must have root access on the machine. OpenBSD does not start lpd |
must have root access on the machine. OpenBSD does not start lpd |
in the default installation. |
in the default installation.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch">A source code patch exists which remedies the problem</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch">A source code patch exists which remedies the problem</a>. |
<p> |
<p> |
<a name=vi.recover> |
<a name=vi.recover> |