All architectures
-
-
-
- 015: SECURITY FIX: October 2, 2002
-Incorrect argument checking in the -setitimer(2) system call may allow an attacker to write to kernel memory.
-A source code patch exists which remedies the problem. - - 014: SECURITY FIX: August 11, 2002
-An insufficient boundary check in the -select(2) -system call allows an attacker to overwrite kernel memory and execute arbitrary -code in kernel context.
-A -source code patch exists which remedies the problem. - - 013: SECURITY FIX: July 30, 2002
-Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the -ssl(8) -library, as in the ASN.1 parser code in the -crypto(3) -library, all of them being potentially remotely exploitable.
-A source code patch exists which remedies the problem. - - 012: SECURITY FIX: July 29, 2002
-A buffer overflow can occur in the -xdr_array(3) -RPC code, leading to possible remote crash.
-A source code patch exists which remedies the problem. - - 011: SECURITY FIX: July 29, 2002
-A race condition exists in the -pppd(8) -daemon which may cause it to alter the file permissions of an arbitrary file.
-A source code patch exists which remedies the problem. - - 010: RELIABILITY FIX: July 5, 2002
-Receiving IKE payloads out of sequence can cause -isakmpd(8) to crash.
-A source code patch exists which remedies the problem. -
-This is the second version of the patch. - - 009: SECURITY FIX: June 27, 2002
-The kernel would let any user ktrace(2) set[ug]id processes.
-A source code patch exists which remedies the problem. - - 008: SECURITY FIX: June 26, 2002
-A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd -module, leading to possible remote crash or exploit.
-A source code patch exists which remedies the problem. - - 007: SECURITY FIX: June 25, 2002
-A potential buffer overflow in the DNS resolver has been found.
-A source code patch exists which remedies the problem. - - 006: SECURITY FIX: June 24, 2002
-All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation -error that can result in an integer overflow and privilege escalation. -This problem is fixed in OpenSSH -3.4, and a patch for the vulnerable releases is available as part of the -security advisory. - - 005: SECURITY FIX: June 19, 2002
-A buffer overflow can occur during the interpretation of chunked -encoding in the http daemon, leading to possible remote crash or exploit.
-A source code patch exists which remedies the problem. - - 004: SECURITY FIX: May 22, 2002
-Under certain conditions, on systems using YP with netgroups in the -password database, it is possible that -sshd(8) -does ACL checks for the requested user name but uses the password -database entry of a different user for authentication. This means -that denied users might authenticate successfully while permitted -users could be locked out.
-A source code patch exists which remedies the problem. - - 003: SECURITY FIX: May 8, 2002
-A race condition exists where an attacker could fill the file descriptor -table and defeat the kernel's protection of fd slots 0, 1, and 2 for a -setuid or setgid process.
-A source code patch exists which remedies the problem. - - 002: SECURITY FIX: April 25, 2002
-A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
-A source code patch exists which remedies the problem. - - 001: SECURITY FIX: April 22, 2002
-A local user can gain super-user privileges due to a buffer overflow -in sshd(8) -if AFS has been configured on the system or if -KerberosTgtPassing or AFSTokenPassing has been enabled -in the sshd_config file. Ticket and token passing is not enabled -by default.
-A source code patch exists which remedies the problem. -+
- No problems identified yet.
@@ -236,11 +129,12 @@
For 2.8 errata, please refer here.
For 2.9 errata, please refer here.
For 3.0 errata, please refer here.
+For 3.1 errata, please refer here.
www@openbsd.org
-$OpenBSD: errata.html,v 1.415 2002/10/02 20:44:17 jason Exp $ +
$OpenBSD: errata.html,v 1.416 2002/10/17 08:38:56 deraadt Exp $