![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www|
Return to errata.html CVS log | Up to [local] / www |
| version 1.524, 2005/01/12 06:36:53 | version 1.525, 2005/01/12 15:08:02 | ||
|---|---|---|---|
|
|
||
| <h3><font color="#e00000">All architectures</font></h3> | <h3><font color="#e00000">All architectures</font></h3> | ||
| <ul> | <ul> | ||
| <li><a name="rtt"></a> | <li><a name="rtt"></a> | ||
| <font color="#009000"><strong>010: RELIABILITY FIX: January 10, 2005</strong></font><br> | <font color="#009000"><strong>010: RELIABILITY FIX: January 11, 2005</strong></font><br> | ||
| A bug in the | A bug in the | ||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">tcp(4)</a> | <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">tcp(4)</a> | ||
| stack allows an invalid argument to be used in calculating the TCP | stack allows an invalid argument to be used in calculating the TCP | ||
|
|
||
| timestamp option, an attacker can cause a system panic. | timestamp option, an attacker can cause a system panic. | ||
| <br> | <br> | ||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/010_rtt.patch"> | <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/010_rtt.patch"> | ||
| A source code patch exists which remedies this problem</a>.<br> | |||
| <p> | |||
| <li><a name="httpd"></a> | |||
| <font color="#009000"><strong>009: SECURITY FIX: January 12, 2005</strong></font><br> | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">httpd(8)</a> | |||
| 's mod_include module fails to properly validate the length of | |||
| user supplied tag strings prior to copying them to a local buffer, | |||
| causing a buffer overflow. | |||
| <br> | |||
| This would require enabling the XBitHack directive or server-side | |||
| includes and making use of a malicious document. | |||
| <br> | |||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch"> | |||
| A source code patch exists which remedies this problem</a>.<br> | A source code patch exists which remedies this problem</a>.<br> | ||
| <p> | <p> | ||