| version 1.4, 1998/04/23 16:53:10 |
version 1.5, 1998/05/03 09:13:32 |
|
|
| <a name=all></a> |
<a name=all></a> |
| <li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
| <ul> |
<ul> |
| |
<a name=xterm-xaw></a> |
| |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
| |
As stated in CERT advisory VB-98.04, there are buffer |
| |
overrun problems in <strong>xterm</strong> |
| |
related to the input-Method, preeditType, and *Keymap resources, and |
| |
buffer overruns in the <strong>Xaw</strong> |
| |
library related to the inputMethod and preeditType resources. |
| |
The xterm problem represents a security vulnerability for any platform |
| |
where xterm is installed setuid-root (as is the case for all OpenBSD |
| |
platforms). The Xaw problem represents a security vulnerability for |
| |
any setuid-root program that uses the Xaw library (including xterm). |
| |
<p> |
| |
<a href="http://www.xfree86.org/">XFree86 3.3.2</a> patch 1 corrects |
| |
these problems. |
| |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/xterm-xaw.patch> |
| |
Here's a version for the OpenBSD 2.2 tree</a>. |
| |
<p> |
| <a name=rmjob></a> |
<a name=rmjob></a> |
| <li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
| An exploitable buffer mismanagement exists in a subroutine used by |
An exploitable buffer mismanagement exists in a subroutine used by |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata22.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www