===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata22.html,v
retrieving revision 1.70
retrieving revision 1.71
diff -c -r1.70 -r1.71
*** www/errata22.html 2014/03/31 03:12:47 1.70
--- www/errata22.html 2014/03/31 03:36:54 1.71
***************
*** 74,84 ****
-
- All architectures
-
! SECURITY FIX
If IPSEC communication is attempted by starting photurisd(8) (which is
disabled by default), a system crash may be evoked from remote if
an attacker uses some classes of invalid packets.
--- 74,82 ----
-
! SECURITY FIX All architectures
If IPSEC communication is attempted by starting photurisd(8) (which is
disabled by default), a system crash may be evoked from remote if
an attacker uses some classes of invalid packets.
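Review bot: the standalone "All architectures" heading is removed in this hunk (old range 74,84 shrinks to 74,82) and the scope now lives on each entry's own line, so any entry the diff does not touch is left without an architecture label. Please check that every entry in the file that used to sit under that heading now carries "All architectures" itself, not only the ones changed in the hunks that follow.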
***************
*** 86,92 ****
A source code patch exists which remedies this problem.
-
! SECURITY FIX
As stated in CERT advisory VB-98.04, there are buffer
overrun problems in xterm related to the input-Method,
preeditType, and *Keymap resources. Additional buffer overruns exist in
--- 84,90 ----
A source code patch exists which remedies this problem.
-
! SECURITY FIX All architectures
As stated in CERT advisory VB-98.04, there are buffer
overrun problems in xterm related to the input-Method,
preeditType, and *Keymap resources. Additional buffer overruns exist in
***************
*** 101,107 ****
We provide a version of this patch file specifically for the OpenBSD 2.2 tree.
-
! SECURITY FIX
An exploitable buffer mismanagement exists in a subroutine used by
lprm and lpd. The problem is exploitable by users on a particular
machine if there is an entry in /etc/printcap which
--- 99,105 ----
We provide a version of this patch file specifically for the OpenBSD 2.2 tree.
-
! SECURITY FIX All architectures
An exploitable buffer mismanagement exists in a subroutine used by
lprm and lpd. The problem is exploitable by users on a particular
machine if there is an entry in /etc/printcap which
***************
*** 110,130 ****
A patch is available which corrects this behaviour.
-
! SECURITY FIX
A DNS-based vulnerability exists when uucpd is used. By default uucpd
is not enabled in the OpenBSD releases, but some sites may have enabled it.
A patch is available which corrects this behaviour.
-
! SECURITY FIX
A vulnerability exists when (and only when) /etc/named.conf has the
fake-iquery option enabled.
A patch is available which corrects this behaviour.
-
! SECURITY FIX
A vulnerability exists in ping(8); if the -R option is used to record
routes, an attacker can spoof a reply packet that will overflow inside
ping. Preliminary investigation makes it look the worst attack
--- 108,128 ----
A patch is available which corrects this behaviour.
-
! SECURITY FIX All architectures
A DNS-based vulnerability exists when uucpd is used. By default uucpd
is not enabled in the OpenBSD releases, but some sites may have enabled it.
A patch is available which corrects this behaviour.
-
! SECURITY FIX All architectures
A vulnerability exists when (and only when) /etc/named.conf has the
fake-iquery option enabled.
A patch is available which corrects this behaviour.
-
! SECURITY FIX All architectures
A vulnerability exists in ping(8); if the -R option is used to record
routes, an attacker can spoof a reply packet that will overflow inside
ping. Preliminary investigation makes it look the worst attack
***************
*** 133,139 ****
A patch is available which corrects this behaviour.
-
! SECURITY FIX
If the sysctl variable net.inet.ip.forwarding is
enabled (value 1), but the variable net.inet.ip.sourceroute
is disabled (value 0), the kernel will block source routed packets from
--- 131,137 ----
A patch is available which corrects this behaviour.
-
! SECURITY FIX All architectures
If the sysctl variable net.inet.ip.forwarding is
enabled (value 1), but the variable net.inet.ip.sourceroute
is disabled (value 0), the kernel will block source routed packets from
***************
*** 145,151 ****
A kernel patch is provided.
-
! SECURITY FIX
A combination localhost+remote host security problem exists if a
local user running a setuid binary causes a non-existent root .rhosts
file to be created via a symbolic link with a specific kind of corefile,
--- 143,149 ----
A kernel patch is provided.
-
! SECURITY FIX All architectures
A combination localhost+remote host security problem exists if a
local user running a setuid binary causes a non-existent root .rhosts
file to be created via a symbolic link with a specific kind of corefile,
***************
*** 177,183 ****
ssh 1.2.21 and previous (the ssh people have been alerted).
-
! SECURITY FIX
A bug in the vm system permits a file descriptor opened read-only on a
device, to later on be mmap(2)'d read-write, and then modified. This
does not result in a security hole by itself, but it does violate the
--- 175,181 ----
ssh 1.2.21 and previous (the ssh people have been alerted).
-
! SECURITY FIX All architectures
A bug in the vm system permits a file descriptor opened read-only on a
device, to later on be mmap(2)'d read-write, and then modified. This
does not result in a security hole by itself, but it does violate the
***************
*** 188,194 ****
A kernel patch is available which corrects this behaviour (this is
revision 3 of this patch).
!
- BUILD PROCESS FIX
Building an object tree from a read-only source tree (such as off a CDROM)
may fail under certain circumstances (e.g. when creating a symlink on sparc
whose target name is exactly 33 characters). As a workaround you have to
--- 186,192 ----
A kernel patch is available which corrects this behaviour (this is
revision 3 of this patch).
!
- BUILD PROCESS FIX All architectures
Building an object tree from a read-only source tree (such as off a CDROM)
may fail under certain circumstances (e.g. when creating a symlink on sparc
whose target name is exactly 33 characters). As a workaround you have to
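Review bot: the BUILD PROCESS FIX entry is labelled "All architectures" here, but the only failing case its text names is on sparc ("when creating a symlink on sparc whose target name is exactly 33 characters"). If the failure has only been confirmed on sparc, the label on this entry should say so rather than take the blanket one; if it does affect every platform, the label is fine as written.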
***************
*** 198,211 ****
A replacement source file exists.
-
! SECURITY FIX
If a line in /etc/exports which contains hostnames results in an empty
list because none of the supplied hostnames is known, mountd(8) will
accidentally export the filesystem to the world.
A patch is available which corrects this behaviour.
!
- RELIABILITY FIX
Setting the MSG_EOR flag on a tcp packet in the send(2) family of
system calls could cause a kernel panic.
--- 196,209 ----
A replacement source file exists.
-
! SECURITY FIX All architectures
If a line in /etc/exports which contains hostnames results in an empty
list because none of the supplied hostnames is known, mountd(8) will
accidentally export the filesystem to the world.
A patch is available which corrects this behaviour.
!
- RELIABILITY FIX All architectures
Setting the MSG_EOR flag on a tcp packet in the send(2) family of
system calls could cause a kernel panic.