===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata26.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -c -r1.1 -r1.2
*** www/errata26.html 2000/05/19 20:04:53 1.1
--- www/errata26.html 2000/05/25 07:36:21 1.2
***************
*** 37,42 ****
--- 37,56 ----
All architectures
+
+ - 022: SECURITY FIX: May 25, 2000
+ xlockmore has a localhost attack against it which allows recovery of the encrypted
+ hash of the root password. The damage to systems using DES passwords from this
+ attack is pretty heavy, but to systems with a well-chosen root password under
+ blowfish encoding
+ (see
+ crypt(3))
+ the impact is much reduced.
+ (Aside: We do not consider this a localhost root hole in the default install,
+ since we have not seen a fast blowfish cracker yet ;-)
+
+ A source code patch exists, which remedies this problem.
+
- 021: RZSZ SNOOPING: Jan 31, 2000
The rzsz port was removed from the ports collection, as it collects and
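Review bot: The aside in the new 022 entry ("We do not consider this a localhost root hole in the default install, since we have not seen a fast blowfish cracker yet") rates the severity by the current state of cracking tools rather than by the exposure itself, and it sits awkwardly next to the preceding sentence, which says the damage to DES-password systems is "pretty heavy". The disclosed root hash is the flaw in both cases. The blowfish case only raises the cost of guessing, and the entry itself limits that benefit to "a well-chosen root password". I would reword the aside to say that the patch should be applied regardless of hash type, and add a sentence advising that the root password be changed on any system where local users could have run xlockmore before the fix. Two wording points in the same paragraph: "blowfish encoding" would be more precise as "blowfish hashing", since the crypt(3) output is not reversible, and "localhost attack" would be clearer as "attack by a local user".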
***************
*** 284,290 ****
www@openbsd.org
!
$OpenBSD: errata26.html,v 1.1 2000/05/19 20:04:53 deraadt Exp $