| version 1.91, 1998/04/22 14:52:49 |
version 1.92, 1998/04/22 14:55:30 |
|
|
| <a name=rmjob></a> |
<a name=rmjob></a> |
| <li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
| An exploitable buffer mismanagement exists in a subroutine used by |
An exploitable buffer mismanagement exists in a subroutine used by |
| lprm and lpd. The problem is only localhost exploitable if you |
lprm and lpd. The problem is exploitable by users on a particular |
| have lpd enabled and <strong>/etc/printcap</strong> pointing at |
machine if there is an entry in <strong>/etc/printcap</strong> which |
| a remote printer. |
points at a remote printer. |
| <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rmjob.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rmjob.patch> |
| A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
| <p> |
<p> |
| <a name=uucpd></a> |
<a name=uucpd></a> |
| <li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
| A DNS-based vulnerability exists when uucpd is used. By default this ships |
A DNS-based vulnerability exists when uucpd is used. By default uucpd |
| disabled in the system, but some sites may have enabled it. |
is not enabled in the OpenBSD releases, but some sites may have enabled it. |
| <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch> |
| A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www