===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata27.html,v
retrieving revision 1.66
retrieving revision 1.67
diff -c -r1.66 -r1.67
*** www/errata27.html 2014/03/31 03:12:47 1.66
--- www/errata27.html 2014/03/31 03:36:54 1.67
***************
*** 75,85 ****
-
- All architectures
-
! 040: SECURITY FIX: Mar 18, 2001
The readline library shipped with OpenBSD allows history files creation
with a permissive
umask(2).
--- 75,83 ----
-
! 040: SECURITY FIX: Mar 18, 2001 All architectures
The readline library shipped with OpenBSD allows history files creation
with a permissive
umask(2).
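Review bot: With the standalone "All architectures" heading gone from the old side and the label moved onto the 040 title line, the date and the label read as one run in the text shown here: "Mar 18, 2001 All architectures". Put a visible separator or distinct markup between the date and the architecture label so the title stays scannable, and use the same form on every title line this revision rewrites.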
***************
*** 92,98 ****
A source code patch exists which remedies this problem.
-
! 039: SECURITY FIX: Feb 22, 2001
There is an exploitable heap corruption bug in
sudo.
--- 90,96 ----
A source code patch exists which remedies this problem.
-
! 039: SECURITY FIX: Feb 22, 2001 All architectures
There is an exploitable heap corruption bug in
sudo.
***************
*** 100,125 ****
A source code patch exists which remedies this problem.
-
! 037: SECURITY FIX: Dec 4, 2000
OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.
A source code patch exists which remedies this problem.
-
! 035: SECURITY FIX: Nov 10, 2000
Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
This problem is fixed as of OpenSSH 2.3.0.
A source code patch exists which remedies this problem.
-
! 033: RELIABILITY FIX: Nov 6, 2000
Invalid fields in the exec header could cause a crash.
A source code patch exists which remedies this problem.
-
! 032: SECURITY FIX: Oct 26, 2000
There are two possibly exploitable potential buffer overflows in the X11
libraries using the xtrans code. One of these vulnerabilities was
reported to the
--- 98,123 ----
A source code patch exists which remedies this problem.
-
! 037: SECURITY FIX: Dec 4, 2000 All architectures
OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.
A source code patch exists which remedies this problem.
-
! 035: SECURITY FIX: Nov 10, 2000 All architectures
Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
This problem is fixed as of OpenSSH 2.3.0.
A source code patch exists which remedies this problem.
-
! 033: RELIABILITY FIX: Nov 6, 2000 All architectures
Invalid fields in the exec header could cause a crash.
A source code patch exists which remedies this problem.
-
! 032: SECURITY FIX: Oct 26, 2000 All architectures
There are two possibly exploitable potential buffer overflows in the X11
libraries using the xtrans code. One of these vulnerabilities was
reported to the
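Review bot: Entries 038, 036 and 034 are absent from this run of titles (039, 037, 035, 033, 032) and no other hunk in this diff touches them, so they gain no label in this revision. Confirm they already carry their own architecture label elsewhere in the file; otherwise the page mixes labelled and unlabelled entries once the shared heading is removed.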
***************
*** 130,136 ****
A source code patch exists which remedies this problem.
-
! 031: SECURITY FIX: Oct 18, 2000
Apache has several bugs in mod_rewrite and mod_vhost_alias
that could cause arbitrary files accessible to the www user on the server
to be exposed under certain configurations when these modules are used.
--- 128,134 ----
A source code patch exists which remedies this problem.
-
! 031: SECURITY FIX: Oct 18, 2000 All architectures
Apache has several bugs in mod_rewrite and mod_vhost_alias
that could cause arbitrary files accessible to the www user on the server
to be exposed under certain configurations when these modules are used.
***************
*** 140,146 ****
A source code patch exists which remedies this problem.
-
! 030: SECURITY FIX: Oct 10, 2000
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
and TERMCAP (when it starts with a '/') environment variables.
--- 138,144 ----
A source code patch exists which remedies this problem.
-
! 030: SECURITY FIX: Oct 10, 2000 All architectures
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
and TERMCAP (when it starts with a '/') environment variables.
***************
*** 148,168 ****
A source code patch exists which remedies this problem.
-
! 029: RELIABILITY FIX: Oct 9, 2000
There is a non-exploitable buffer overflow in sendmail's test mode.
A source code patch exists which remedies this problem.
-
! 028: SECURITY FIX: Oct 6, 2000
There are printf-style format string bugs in several privileged programs.
A source code patch exists which remedies this problem.
-
! 027: SECURITY FIX: Oct 6, 2000
libcurses honored terminal descriptions in the $HOME/.terminfo directory
as well as in the TERMCAP environment variable for setuid and setgid
applications.
--- 146,166 ----
A source code patch exists which remedies this problem.
-
! 029: RELIABILITY FIX: Oct 9, 2000 All architectures
There is a non-exploitable buffer overflow in sendmail's test mode.
A source code patch exists which remedies this problem.
-
! 028: SECURITY FIX: Oct 6, 2000 All architectures
There are printf-style format string bugs in several privileged programs.
A source code patch exists which remedies this problem.
-
! 027: SECURITY FIX: Oct 6, 2000 All architectures
libcurses honored terminal descriptions in the $HOME/.terminfo directory
as well as in the TERMCAP environment variable for setuid and setgid
applications.
***************
*** 171,177 ****
A source code patch exists which remedies this problem.
-
! 026: SECURITY FIX: Oct 6, 2000
A format string vulnerability exists in talkd(8). It is not clear
yet what the impact is.
--- 169,175 ----
A source code patch exists which remedies this problem.
-
! 026: SECURITY FIX: Oct 6, 2000 All architectures
A format string vulnerability exists in talkd(8). It is not clear
yet what the impact is.
***************
*** 179,185 ****
A source code patch exists which remedies this problem.
-
! 025: SECURITY FIX: Oct 3, 2000
A format string vulnerability exists in the pw_error(3) function. This
manifests itself as a security hole in the chpass utility. As a workaround
which disables its functionality, do
--- 177,183 ----
A source code patch exists which remedies this problem.
-
! 025: SECURITY FIX: Oct 3, 2000 All architectures
A format string vulnerability exists in the pw_error(3) function. This
manifests itself as a security hole in the chpass utility. As a workaround
which disables its functionality, do
***************
*** 190,202 ****
A source code patch exists which remedies this problem.
-
! 024: SECURITY FIX: Sep 18, 2000
Bad ESP/AH packets could cause a crash under certain conditions.
A source code patch exists which remedies this problem.
-
! 023: SECURITY FIX: Aug 16, 2000
A format string vulnerability exists in xlock. As a workaround which disables
its functionality, do
--- 188,200 ----
A source code patch exists which remedies this problem.
-
! 024: SECURITY FIX: Sep 18, 2000 All architectures
Bad ESP/AH packets could cause a crash under certain conditions.
A source code patch exists which remedies this problem.
-
! 023: SECURITY FIX: Aug 16, 2000 All architectures
A format string vulnerability exists in xlock. As a workaround which disables
its functionality, do
***************
*** 206,212 ****
A source code patch exists which remedies this problem.
-
! 021: SECURITY FIX: July 14, 2000
Various problems in X11 libraries have various side effects. We provide a
jumbo patch to fix them.
--- 204,210 ----
A source code patch exists which remedies this problem.
-
! 021: SECURITY FIX: July 14, 2000 All architectures
Various problems in X11 libraries have various side effects. We provide a
jumbo patch to fix them.
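Review bot: The 021 title keeps "July 14, 2000" while other titles rewritten in this diff use three-letter months ("Oct 18, 2000", "Sep 18, 2000", "Aug 16, 2000"). Since every title line is being edited anyway, normalise the month format in the same pass, either abbreviating June and July or spelling all months out.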
***************
*** 237,243 ****
time /etc/weekly runs.
-
! 019: SECURITY FIX: July 5, 2000
Just like pretty much all the other unix ftp daemons on the planet,
ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.
The problem exists if anonymous ftp is enabled.
--- 235,241 ----
time /etc/weekly runs.
-
! 019: SECURITY FIX: July 5, 2000 All architectures
Just like pretty much all the other unix ftp daemons on the planet,
ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.
The problem exists if anonymous ftp is enabled.
***************
*** 246,260 ****
A source code patch exists which remedies this problem.
-
! 018: SECURITY FIX: July 5, 2000
Mopd contained a buffer overflow.
A source code patch exists which remedies this problem.
-
! 017: INSTALLATION FIX: July 3, 2000
!
The screen package shipped with 2.7 does not install itself properly. The
existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
screen-3.9.5.tgz.old and a replacement package has been provided under the
--- 244,257 ----
A source code patch exists which remedies this problem.
-
! 018: SECURITY FIX: July 5, 2000 All architectures
Mopd contained a buffer overflow.
A source code patch exists which remedies this problem.
-
! 017: INSTALLATION FIX: July 3, 2000 All architectures
The screen package shipped with 2.7 does not install itself properly. The
existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
screen-3.9.5.tgz.old and a replacement package has been provided under the
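Review bot: The 017 entry loses a line in addition to gaining the label: the old side has a second changed line (a bare "!" in this text) directly under the title, and the new range is one line shorter (244,257 against 246,260). Its content is not visible here, so check that the 017 title and body still render on separate lines, and note the removal in the log message since it is not part of the labelling change.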
***************
*** 264,270 ****
A source code patch exists which remedies this problem.
-
! 013: SECURITY FIX: June 28, 2000
libedit would check for a .editrc file in the current directory.
That behaviour is not nice; this does not turn into a security problem in
any real world situation that we know of, but a patch is available anyways.
--- 261,267 ----
A source code patch exists which remedies this problem.
-
! 013: SECURITY FIX: June 28, 2000 All architectures
libedit would check for a .editrc file in the current directory.
That behaviour is not nice; this does not turn into a security problem in
any real world situation that we know of, but a patch is available anyways.
***************
*** 273,279 ****
A source code patch exists which remedies this problem.
-
! 012: SECURITY FIX: June 24, 2000
A serious bug in dhclient(8) could allow strings from a malicious dhcp
server to be executed in the shell as root.
--- 270,276 ----
A source code patch exists which remedies this problem.
-
! 012: SECURITY FIX: June 24, 2000 All architectures
A serious bug in dhclient(8) could allow strings from a malicious dhcp
server to be executed in the shell as root.
***************
*** 281,287 ****
A source code patch exists which remedies this problem.
-
! 009: SECURITY FIX: June 9, 2000
A serious bug in isakmpd(8) policy handling wherein policy
verification could be completely bypassed in isakmpd.
--- 278,284 ----
A source code patch exists which remedies this problem.
-
! 009: SECURITY FIX: June 9, 2000 All architectures
A serious bug in isakmpd(8) policy handling wherein policy
verification could be completely bypassed in isakmpd.
***************
*** 289,315 ****
A source code patch exists which remedies this problem.
-
! 008: RELIABILITY FIX: June 8, 2000
Some operations in msdosfs could result in a system panic.
A source code patch exists which remedies this problem.
-
! 007: RELIABILITY FIX: June 8, 2000
NFS exporting of CD filesystems caused a system panic.
A source code patch exists which remedies this problem.
-
! 006: SECURITY FIX: June 6, 2000
The non-default UseLogin feature in /etc/sshd_config is broken and should not
be used. On other operating systems, it results in a hole.
Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
-
! 005: RELIABILITY FIX: May 29, 2000
Parse IPv4 options more carefully. It is not yet clear if this can even be used
to crash the machine remote or locally.
--- 286,312 ----
A source code patch exists which remedies this problem.
-
! 008: RELIABILITY FIX: June 8, 2000 All architectures
Some operations in msdosfs could result in a system panic.
A source code patch exists which remedies this problem.
-
! 007: RELIABILITY FIX: June 8, 2000 All architectures
NFS exporting of CD filesystems caused a system panic.
A source code patch exists which remedies this problem.
-
! 006: SECURITY FIX: June 6, 2000 All architectures
The non-default UseLogin feature in /etc/sshd_config is broken and should not
be used. On other operating systems, it results in a hole.
Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
-
! 005: RELIABILITY FIX: May 29, 2000 All architectures
Parse IPv4 options more carefully. It is not yet clear if this can even be used
to crash the machine remote or locally.
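Review bot: In the 005 body, "remote or locally" mixes an adjective with an adverb. The entry is being touched in this revision, so fix it at the same time: "remotely or locally".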
***************
*** 317,330 ****
A source code patch exists which remedies this problem.
-
! 004: RELIABILITY FIX: May 29, 2000
Certain routing table modifications by the superuser could cause a system panic.
A source code patch exists which remedies this problem.
-
! 003: SECURITY FIX: May 26, 2000
It is possible to bypass the learning flag on an interface if frames
go directly to the machine acting as a
bridge.
--- 314,327 ----
A source code patch exists which remedies this problem.
-
! 004: RELIABILITY FIX: May 29, 2000 All architectures
Certain routing table modifications by the superuser could cause a system panic.
A source code patch exists which remedies this problem.
-
! 003: SECURITY FIX: May 26, 2000 All architectures
It is possible to bypass the learning flag on an interface if frames
go directly to the machine acting as a
bridge.
***************
*** 333,339 ****
A source code patch exists which remedies this problem.
-
! 002: DRIVER FIX: May 26, 2000
The
ef(4)
driver will complain when adding an address with ifconfig
--- 330,336 ----
A source code patch exists which remedies this problem.
-
! 002: DRIVER FIX: May 26, 2000 All architectures
The
ef(4)
driver will complain when adding an address with ifconfig
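Review bot: 002 is a DRIVER FIX for ef(4), and "All architectures" on a driver entry should be verified rather than carried over from the old shared heading. Confirm that ef(4) is built on every platform 2.7 shipped for; if it is not, label the entry with only the platforms that have the driver.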
***************
*** 342,348 ****
A source code patch exists which remedies this problem.
-
! 001: SECURITY FIX: May 25, 2000
A misuse of ipf(8)
keep-state rules can result in firewall rules being bypassed.
--- 339,345 ----
A source code patch exists which remedies this problem.
-
! 001: SECURITY FIX: May 25, 2000 All architectures
A misuse of ipf(8)
keep-state rules can result in firewall rules being bypassed.