version 1.429, 2003/02/23 20:21:41 |
version 1.430, 2003/02/25 01:31:30 |
|
|
<a name=all></a> |
<a name=all></a> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<ul> |
<ul> |
|
<a name=httpd></a> |
|
<li><font color=#009000><strong>008: SECURITY FIX: February 25, 2003</strong></font><br> |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.</br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>. |
|
<p> |
<a name=ssl></a> |
<a name=ssl></a> |
<li><font color=#009000><strong>007: SECURITY FIX: February 22, 2003</strong></font><br> |
<li><font color=#009000><strong>007: SECURITY FIX: February 22, 2003</strong></font><br> |
In |
In |