version 1.98, 1998/04/30 08:13:22 |
version 1.99, 1998/05/03 08:37:53 |
|
|
<a name=all></a> |
<a name=all></a> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
<ul> |
<ul> |
<li>No problems identified yet. |
<a name=xterm-xaw></a> |
|
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
|
As stated in CERT advisory VB-98.04, there are buffer |
|
overrun problems in <strong>xterm</strong> |
|
related to the input-Method, preeditType, and *Keymap resources, and |
|
buffer overruns in the <strong>Xaw</strong> |
|
library related to the inputMethod and preeditType resources. |
|
The xterm problem represents a security vulnerability for any platform |
|
where xterm is installed setuid-root (as is the case for all OpenBSD |
|
platforms). The Xaw problem represents a security vulnerability for |
|
any setuid-root program that uses the Xaw library (including xterm). |
|
<p> |
|
<a href="http://www.xfree86.org/">XFree86 3.3.2</a> patch 1 corrects |
|
these problems. |
|
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch> |
|
Here's a version for the OpenBSD 2.3 tree</a>. |
<p> |
<p> |
</ul> |
</ul> |
<a name=i386></a> |
<a name=i386></a> |