![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www|
Return to errata.html CVS log | Up to [local] / www |
| version 1.546, 2006/01/14 18:02:36 | version 1.547, 2006/02/12 10:25:39 | ||
|---|---|---|---|
|
|
||
| <a name="vax"></a> | <a name="vax"></a> | ||
| <ul> | <ul> | ||
| <li><a name="ssh"></a> | |||
| <font color="#009000"><strong>005: SECURITY FIX: February 12, 2006</strong></font> <i>all architecture</i><br> | |||
| Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=system&sektion=3">system(3)</a> | |||
| function in | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> | |||
| when performing copy operations using filenames that are supplied by the user from the command line. | |||
| This can be exploited to execute shell commands with privileges of the user running | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>. | |||
| <br> | |||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"> | |||
| A source code patch exists which remedies this problem</a>.<br> | |||
| <p> | |||
| <li><a name="i386machdep"></a> | <li><a name="i386machdep"></a> | ||
| <font color="#009000"><strong>004: RELIABILITY FIX: January 13, 2006</strong></font> <i>i386 architecture</i><br> | <font color="#009000"><strong>004: RELIABILITY FIX: January 13, 2006</strong></font> <i>i386 architecture</i><br> | ||
| Constrain | Constrain |