www/errata.html - diff - 1.366

Return to errata.html CVS log

Up to [local] / www

Diff for /www/errata.html between version 1.365 and 1.366

version 1.365, 2001/12/13 19:01:39

version 1.366, 2001/12/13 19:35:15

Line 47

Line 47

<a name=all></a>

<a name=all></a>

<li><h3><font color=#e00000>All architectures</font></h3>

<li><h3><font color=#e00000>All architectures</font></h3>

<ul>

<ul>

<a name=ipip>

<li><font color=#009000><strong>010: RELIABILITY FIX: December 13, 2001</strong></font><br>

Systems running with IP-in-IP encapulation can be made to crash by

malformed packets.<br>

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/010_ipip.patch">A source code patch exists which remedies the problem</a>.

<a name=lpd>

<a name=lpd>

<p>

<li><font color=#009000><strong>008: SECURITY FIX: November 28, 2001</strong></font><br>

<li><font color=#009000><strong>008: SECURITY FIX: November 28, 2001</strong></font><br>

A security issue exists in the lpd daemon that may allow an attacker

A security issue exists in the lpd daemon that may allow an attacker

to create arbitrary new files in the root directory. Only machines

to create arbitrary new files in the root directory. Only machines

with line printer access (ie: listed in either /etc/hosts.lpd or

with line printer access (ie: listed in either /etc/hosts.lpd or

/etc/hosts.equiv) may be used to mount an attack and the attacker

/etc/hosts.equiv) may be used to mount an attack and the attacker

must have root access on the machine. OpenBSD does not start lpd

must have root access on the machine. OpenBSD does not start lpd

in the default installation.

in the default installation.<br>

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch">A source code patch exists which remedies the problem</a>.

<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch">A source code patch exists which remedies the problem</a>.

<p>

<p>

<a name=vi.recover>

<a name=vi.recover>