010: SECURITY FIX: March 5, 2003
A fix for an
lprm(1)
bug made in 1996 contains an error that could lead to privilege escalation.
@@ -66,7 +66,7 @@
source code patch exists which remedies the problem.
-
009: SECURITY FIX: March 3, 2003
+
009: SECURITY FIX: March 3, 2003
A buffer overflow in the envelope comments processing in
sendmail(8)
may allow an attacker to gain root privileges.
@@ -74,12 +74,12 @@
source code patch exists which remedies the problem.
-
008: SECURITY FIX: February 25, 2003
+
008: SECURITY FIX: February 25, 2003 httpd(8) leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle. A source code patch exists which fixes these two issues.
-
007: SECURITY FIX: February 22, 2003
+
007: SECURITY FIX: February 22, 2003
In
ssl(8) an information leak can occur via timing by performing a MAC computation
even if incorrect block cipher padding has been found, this is a
@@ -88,7 +88,7 @@
source code patch exists which fixes these two issues.
-
006: SECURITY FIX: January 20, 2003
+
006: SECURITY FIX: January 20, 2003
A double free in
cvs(1)
could allow an attacker to execute code with the privileges of the
@@ -100,7 +100,7 @@
source code patch exists which remedies the problem.
-
005: SECURITY FIX: November 14, 2002
+
005: SECURITY FIX: November 14, 2002
A buffer overflow in
named(8)
could allow an attacker to execute code with the privileges of named.
@@ -110,7 +110,7 @@
source code patch exists which remedies the problem.
-
004: RELIABILITY FIX: November 6, 2002
+
004: RELIABILITY FIX: November 6, 2002
A logic error in the
pool
kernel memory allocator could cause memory corruption in low-memory situations,
@@ -119,7 +119,7 @@
source code patch exists which remedies the problem.
-
003: SECURITY FIX: November 6, 2002
+
003: SECURITY FIX: November 6, 2002
An attacker can bypass the restrictions imposed by sendmail's restricted shell,
smrsh(8),
and execute arbitrary commands with the privileges of his own account.
@@ -127,7 +127,7 @@
source code patch exists which remedies the problem.
-
002: RELIABILITY FIX: November 6, 2002
+
002: RELIABILITY FIX: November 6, 2002
Network
bridges
running
@@ -138,7 +138,7 @@
source code patch exists which remedies the problem.
-
001: SECURITY FIX: October 21, 2002
+
001: SECURITY FIX: October 21, 2002
A buffer overflow can occur in the
kadmind(8)
daemon, leading to possible remote crash or exploit.
@@ -147,61 +147,61 @@