===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata26.html,v
retrieving revision 1.85
retrieving revision 1.86
diff -c -r1.85 -r1.86
*** www/errata26.html 2019/05/27 22:55:19 1.85
--- www/errata26.html 2019/05/28 16:32:41 1.86
***************
*** 84,173 ****
! -
! 024: SECURITY FIX: May 26, 2000
All architectures
! Kernel contained an undocumented system call used to lock semaphore operations
! while they were being sampled by the ipcs(1) command. This locking could be
! used as a local denial of service attack which would block the exiting of
! processes which had semaphore resources allocated. Processes not using
! semaphores are not affected, so the actual effect is very minimal.
!
A source code patch exists which remedies this problem.
!
-
! 023: SECURITY FIX: May 25, 2000
All architectures
! A misuse of ipf(8)
! keep-state rules can result in firewall rules being
! bypassed.
! This patch also includes fixes for an unaligned timestamp issue,
! and reliability fixes for ipmon and the in-kernel ftp proxy.
!
A source code patch exists which remedies this problem.
- It updates ipf to version 3.3.16.
!
-
! 022: SECURITY FIX: May 25, 2000
All architectures
! xlockmore has a localhost attack against it which allows recovery of the encrypted
! hash of the root password. The damage to systems using DES passwords from this
! attack is pretty heavy, but to systems with a well-chosen root password under
! blowfish encoding
! (see
! crypt(3))
! the impact is much reduced.
! (Aside: We do not consider this a localhost root hole in the default install,
! since we have not seen a fast blowfish cracker yet ;-)
!
A source code patch exists which remedies this problem.
! This is the 2nd patch designed to solve this problem.
!
-
! 021: RZSZ SNOOPING: Jan 31, 2000
All architectures
! The rzsz port was removed from the ports collection, as it collects and
! sends user information to a designated email address, effectively spying on
! you. It is recommended that you remove this package if you installed
! it.
!
-
! 020: LIBRARY IMPROVEMENT: Jan 26, 2000
All architectures
! syslog(3) would not try to reopen the socket, thus, nightly newsyslog(8)
! would cause syslogd(8) to not see new messages.
!
A source code patch exists which remedies this problem.
!
-
! 019: DRIVER IMPROVEMENT: Jan 20, 2000
All architectures
! Intel fxp cards with National Semiconductor PHYs (nsphy) have trouble
! negotiating and maintaining 100Mb link integrity.
!
A source code patch exists which remedies this problem.
!
-
! 018: SECURITY FIX: Jan 20, 2000
All architectures
! Systems running with procfs enabled and mounted are vulnerable
! to having the stderr output of setuid processes directed onto
! a pre-seeked descriptor onto the stack in their own procfs memory.
! Note that procfs is not mounted by default in OpenBSD.
!
A source code patch exists which remedies this problem.
!
-
! 017: FUNCTIONALITY ADDITION: Nov 14, 1999
All architectures
! Fortran doesn't work right. The file /usr/include/g2c.h is missing in the
! release.
!
A source code patch exists which remedies this problem.
- The patch fixes the source tree and describes how to properly add
-
- the include file to your system.
-
016: SECURITY FIX: Dec 2, 1999
All architectures
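Review bot: On the old side of this hunk, the sentence "It updates ipf to version 3.3.16." under erratum 023 and the sentence "The patch fixes the source tree and describes how to properly add" / "the include file to your system." under erratum 017 are marked as outright removals ("-"), not as changed lines ("!") like the rest of the entries. Please confirm the new side (84,209) still carries both statements. Someone applying the 023 patch needs to know which ipf version it produces, and someone applying the 017 patch needs to know it explains how to install /usr/include/g2c.h. If the removals are intentional, say so in the commit message, since the rest of the hunk looks like a rework of the entry text, not a content cut.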
--- 84,209 ----