Return to errata.html CVS log | Up to [local] / www |
version 1.546, 2006/01/14 18:02:36 | version 1.547, 2006/02/12 10:25:39 | ||
---|---|---|---|
|
|
||
<a name="vax"></a> | <a name="vax"></a> | ||
<ul> | <ul> | ||
<li><a name="ssh"></a> | |||
<font color="#009000"><strong>005: SECURITY FIX: February 12, 2006</strong></font> <i>all architecture</i><br> | |||
Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=system&sektion=3">system(3)</a> | |||
function in | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> | |||
when performing copy operations using filenames that are supplied by the user from the command line. | |||
This can be exploited to execute shell commands with privileges of the user running | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>. | |||
<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"> | |||
A source code patch exists which remedies this problem</a>.<br> | |||
<p> | |||
<li><a name="i386machdep"></a> | <li><a name="i386machdep"></a> | ||
<font color="#009000"><strong>004: RELIABILITY FIX: January 13, 2006</strong></font> <i>i386 architecture</i><br> | <font color="#009000"><strong>004: RELIABILITY FIX: January 13, 2006</strong></font> <i>i386 architecture</i><br> | ||
Constrain | Constrain |