=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.354 retrieving revision 1.355 diff -u -r1.354 -r1.355 --- www/errata.html 2001/09/12 13:52:39 1.354 +++ www/errata.html 2001/10/22 22:09:53 1.355 @@ -1,7 +1,7 @@
- The patches below are available in CVS via the
-OPENBSD_2_9
patch branch.
+OPENBSD_3_0
patch branch.
For more detailed information on install patches to OpenBSD, please @@ -46,159 +47,13 @@
-
-
-
-
-
-
-
-A security hole exists in lpd(8)
-that may allow an attacker with line printer access to gain root
-privileges. A machine must be running lpd to be vulnerable (OpenBSD
-does not start lpd by default). Only machines with line printer
-access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
-may be used to mount an attack.
-
-A source code patch exists which remedies the problem
-
-A security hole exists in sendmail(8)
-that may allow an attacker on the local host to gain root privileges by
-specifying out-of-bounds debug parameters.
-
-A source code patch exists which remedies the problem
-
-A kernel buffer overflow exists in the NFS mount code. An attacker may
-use this overflow to execute arbitrary code in kernel mode. However,
-only users with mount(2)
-privileges can initiate this attack. In default installs, only super-user has
-mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
-
-A source code patch exists which remedies the problem
-
-The
-packages(7)
-subsystem incorrectly accepts some package dependencies as okay (see
-packages-specs(7)
-for details).
-
-A source code patch exists which remedies the problem,
-by forcing /usr/sbin/pkg
to be more careful in checking
-version numbers.
-
-twe(4)
-mishandles the DMA mapping resulting in a kernel panic on unaligned data
-transfers, induced by programs such as
-disklabel(8)
-and
-dump(8).
-
-A source code patch exists which remedies the problem.
-This is the second version of the patch.
-
-A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
-
-A source code patch exists which remedies the problem.
-
-sshd(8)
-allows users to delete arbitrary files named "cookies" if X11
-forwarding is enabled. X11 forwarding is disabled by default.
-
-A source code patch exists which remedies the problem.
-
-pwd_mkdb(8)
-corrupts /etc/pwd.db when modifying an existing user.
-
-A source code patch exists which remedies the problem.
-
-isakmpd(8)
-will fail to use a certificate with an identity string that is
-exactly N * 8 bytes long.
-
-A source code patch exists which remedies the problem.
-
-The 2.9 CD cover states that XFree86 3.3.6-current is included. This is only half-true.
-In fact, the XFree86 included for all architectures is 4.0.3. On the i386, the
-3.3.6 Xservers have also been included, because 4.0.3 still has weak support for
-some devices which 3.3.6 supported better.
-
-Programs using the fts(3)
-routines (such as rm, find, and most programs that take a -R
-flag) can be tricked into changing into the wrong directory if the
-parent dir is changed out from underneath it. This is similar to
-the old fts bug but happens when popping out of directories, as
-opposed to descending into them.
-
-A source code patch exists which remedies the problem.
-This is the second version of the patch.
-
-The signal handlers in sendmail(8) contain code that is unsafe in the
-context of a signal handler. This leads to potentially serious
-race conditions. At the moment this is a theoretical attack only
-and can only be exploited on the local host (if at all).
-A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
+
-
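Review bot: in the first hunk (@@ -1,7 +1,7 @@) the sentence "The patches below are available in CVS via the ... patch branch" now names OPENBSD_3_0, but as far as the visible lines of the second hunk show, every entry is removed and nothing is added in its place, so "the patches below" refers to an empty list. Suggest adding a short placeholder for the empty state (for example, a line saying no patches have been issued for this release yet) so readers do not take a blank page for a rendering problem or a missing file.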
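Review bot: the second hunk (@@ -46,159 +47,13 @@) deletes every 2.9 erratum, including the lpd(8) and sendmail(8) root holes, the NFS mount kernel overflow, and the execve(2)/ptrace(2) race, and the diff header shows www/errata.html as the only file touched. Hosts still running 2.9 need these entries and their patch references to stay reachable. Please confirm the text is preserved on a release-specific errata page, and make sure the lines added here link to it, so the security history is not dropped from the site when the page rolls over to 3.0.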