Return to errata.html CVS log | Up to [local] / www |
version 1.430, 2003/02/25 01:31:30 | version 1.431, 2003/03/03 17:29:34 | ||
---|---|---|---|
<a name=all></a> | <a name=all></a> | ||
<li><h3><font color=#e00000>All architectures</font></h3> | <li><h3><font color=#e00000>All architectures</font></h3> | ||
<ul> | <ul> | ||
<a name=sendmail></a> | |||
<li><font color=#009000><strong>009: SECURITY FIX: March 3, 2003</strong></font><br> | |||
A buffer overflow in the envelope comments processing in | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> | |||
may allow an attacker to gain root privileges.<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/009_sendmail.patch">A | |||
source code patch exists which remedies the problem.</a>. | |||
<p> | |||
<a name=httpd></a> | <a name=httpd></a> | ||
<li><font color=#009000><strong>008: SECURITY FIX: February 25, 2003</strong></font><br> | <li><font color=#009000><strong>008: SECURITY FIX: February 25, 2003</strong></font><br> | ||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.</br> | <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.<br> | ||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>. | <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch">A source code patch exists which fixes these two issues</a>. | ||
<p> | <p> | ||
<a name=ssl></a> | <a name=ssl></a> |
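
Review bot: the new 009 sendmail entry closes its patch link with `.</a>.`, so the rendered sentence ends in two periods; drop the period inside the anchor so it matches the 008 entry's `issues</a>.` form. The link text is also split after "A" across two source lines, which is harmless in HTML but makes the entry harder to grep than the single-line 008 link. The entry says an attacker "may ... gain root privileges" without saying whether the overflow in envelope comments processing can be reached remotely; adding that would help readers judge how urgently to apply 009_sendmail.patch. The `</br>` to `<br>` correction in the 008 httpd entry looks right.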