Return to errata.html CVS log | Up to [local] / www |
version 1.377, 2002/03/15 16:55:06 | version 1.378, 2002/03/19 22:06:26 | ||
---|---|---|---|
|
|
||
<a name=all></a> | <a name=all></a> | ||
<li><h3><font color=#e00000>All architectures</font></h3> | <li><h3><font color=#e00000>All architectures</font></h3> | ||
<ul> | <ul> | ||
<a name=approval></a> | |||
<li><font color=#009000><strong>016: SECURITY FIX: March 19, 2002</strong></font><br> | |||
Under certain conditions, on systems using YP with netgroups in the password | |||
database, it is possible for the | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rexecd&sektion=8">rexecd(8)</a> | |||
and | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rshd&sektion=8">rshd(8)</a> | |||
for the rexecd and rshd daemons to execute the shell from a different user's | |||
password entry. Due to a similar problem, | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atrun&sektion=8">atrun(8)</a> | |||
may change to the wrong home directory when running | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> | |||
jobs.<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch">A source code patch exists which remedies the problem</a>. | |||
<p> | |||
<a name=zlib></a> | <a name=zlib></a> | ||
<li><font color=#009000><strong>015: RELIABILITY FIX: March 13, 2002</strong></font><br> | <li><font color=#009000><strong>015: RELIABILITY FIX: March 13, 2002</strong></font><br> | ||
Under some circumstances the zlib compression library can free dynamically | Under some circumstances the zlib compression library can free dynamically |