| version 1.22, 2000/11/02 16:40:39 |
version 1.23, 2000/11/22 17:31:17 |
|
|
| A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
| <p> |
<p> |
| <a name=sourceroute></a> |
<a name=sourceroute></a> |
| <li><strong><font color=#009000>SECURITY FIX</strong></font><br> |
<li><strong><font color=#009000>SECURITY FIX</font></strong><br> |
| If the sysctl variable <strong>net.inet.ip.forwarding</strong> is |
If the sysctl variable <strong>net.inet.ip.forwarding</strong> is |
| enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong> |
enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong> |
| is disabled (value 0), the kernel will block source routed packets from |
is disabled (value 0), the kernel will block source routed packets from |
|
|
| ssh 1.2.21 and previous (the ssh people have been alerted). |
ssh 1.2.21 and previous (the ssh people have been alerted). |
| <p> |
<p> |
| <a name=mmap></a> |
<a name=mmap></a> |
| <li><strong><font color=#009000>SECURITY FIX</strong></font><br> |
<li><strong><font color=#009000>SECURITY FIX</font></strong><br> |
| A bug in the vm system permits a file descriptor opened read-only on a |
A bug in the vm system permits a file descriptor opened read-only on a |
| device, to later on be mmap(2)'d read-write, and then modified. This |
device, to later on be mmap(2)'d read-write, and then modified. This |
| does not result in a security hole by itself, but it does violate the |
does not result in a security hole by itself, but it does violate the |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata22.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www