===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata27.html,v
retrieving revision 1.68
retrieving revision 1.69
diff -c -r1.68 -r1.69
*** www/errata27.html 2014/03/31 04:11:40 1.68
--- www/errata27.html 2014/03/31 16:02:48 1.69
***************
*** 77,83 ****
-
! 040: SECURITY FIX: Mar 18, 2001 All architectures
The readline library shipped with OpenBSD allows history files creation
with a permissive
umask(2).
--- 77,84 ----
-
! 040: SECURITY FIX: Mar 18, 2001
! All architectures
The readline library shipped with OpenBSD allows history files creation
with a permissive
umask(2).
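Review bot: the unchanged text under 040, "allows history files creation with a permissive umask(2)", is ungrammatical and could be fixed while the entry is being touched. Suggest "allows history files to be created with a permissive umask(2)".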
***************
*** 90,96 ****
A source code patch exists which remedies this problem.
-
! 039: SECURITY FIX: Feb 22, 2001 All architectures
There is an exploitable heap corruption bug in
sudo.
--- 91,98 ----
A source code patch exists which remedies this problem.
-
! 039: SECURITY FIX: Feb 22, 2001
! All architectures
There is an exploitable heap corruption bug in
sudo.
***************
*** 98,104 ****
A source code patch exists which remedies this problem.
-
! 037: SECURITY FIX: Dec 4, 2000 All architectures
OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.
A source code patch exists which remedies this problem.
--- 100,107 ----
A source code patch exists which remedies this problem.
-
! 037: SECURITY FIX: Dec 4, 2000
! All architectures
OpenBSD 2.7's ftpd contains a one-byte overflow in the replydirname() function.
A source code patch exists which remedies this problem.
***************
*** 110,116 ****
A source code patch exists which remedies this problem.
-
! 035: SECURITY FIX: Nov 10, 2000 All architectures
Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
This problem is fixed as of OpenSSH 2.3.0.
--- 113,120 ----
A source code patch exists which remedies this problem.
-
! 035: SECURITY FIX: Nov 10, 2000
! All architectures
Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
This problem is fixed as of OpenSSH 2.3.0.
***************
*** 124,136 ****
A source code patch exists which remedies this problem.
-
! 033: RELIABILITY FIX: Nov 6, 2000 All architectures
Invalid fields in the exec header could cause a crash.
A source code patch exists which remedies this problem.
-
! 032: SECURITY FIX: Oct 26, 2000 All architectures
There are two possibly exploitable potential buffer overflows in the X11
libraries using the xtrans code. One of these vulnerabilities was
reported to the
--- 128,142 ----
A source code patch exists which remedies this problem.
-
! 033: RELIABILITY FIX: Nov 6, 2000
! All architectures
Invalid fields in the exec header could cause a crash.
A source code patch exists which remedies this problem.
-
! 032: SECURITY FIX: Oct 26, 2000
! All architectures
There are two possibly exploitable potential buffer overflows in the X11
libraries using the xtrans code. One of these vulnerabilities was
reported to the
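Review bot: in the 032 text, "two possibly exploitable potential buffer overflows" hedges twice. Pick one qualifier, for example "two potentially exploitable buffer overflows", so a reader can tell whether the overflow itself or only its exploitability is in doubt.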
***************
*** 141,147 ****
A source code patch exists which remedies this problem.
-
! 031: SECURITY FIX: Oct 18, 2000 All architectures
Apache has several bugs in mod_rewrite and mod_vhost_alias
that could cause arbitrary files accessible to the www user on the server
to be exposed under certain configurations when these modules are used.
--- 147,154 ----
A source code patch exists which remedies this problem.
-
! 031: SECURITY FIX: Oct 18, 2000
! All architectures
Apache has several bugs in mod_rewrite and mod_vhost_alias
that could cause arbitrary files accessible to the www user on the server
to be exposed under certain configurations when these modules are used.
***************
*** 151,157 ****
A source code patch exists which remedies this problem.
-
! 030: SECURITY FIX: Oct 10, 2000 All architectures
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
and TERMCAP (when it starts with a '/') environment variables.
--- 158,165 ----
A source code patch exists which remedies this problem.
-
! 030: SECURITY FIX: Oct 10, 2000
! All architectures
The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
and TERMCAP (when it starts with a '/') environment variables.
***************
*** 159,179 ****
A source code patch exists which remedies this problem.
-
! 029: RELIABILITY FIX: Oct 9, 2000 All architectures
There is a non-exploitable buffer overflow in sendmail's test mode.
A source code patch exists which remedies this problem.
-
! 028: SECURITY FIX: Oct 6, 2000 All architectures
There are printf-style format string bugs in several privileged programs.
A source code patch exists which remedies this problem.
-
! 027: SECURITY FIX: Oct 6, 2000 All architectures
libcurses honored terminal descriptions in the $HOME/.terminfo directory
as well as in the TERMCAP environment variable for setuid and setgid
applications.
--- 167,190 ----
A source code patch exists which remedies this problem.
-
! 029: RELIABILITY FIX: Oct 9, 2000
! All architectures
There is a non-exploitable buffer overflow in sendmail's test mode.
A source code patch exists which remedies this problem.
-
! 028: SECURITY FIX: Oct 6, 2000
! All architectures
There are printf-style format string bugs in several privileged programs.
A source code patch exists which remedies this problem.
-
! 027: SECURITY FIX: Oct 6, 2000
! All architectures
libcurses honored terminal descriptions in the $HOME/.terminfo directory
as well as in the TERMCAP environment variable for setuid and setgid
applications.
***************
*** 182,188 ****
A source code patch exists which remedies this problem.
-
! 026: SECURITY FIX: Oct 6, 2000 All architectures
A format string vulnerability exists in talkd(8). It is not clear
yet what the impact is.
--- 193,200 ----
A source code patch exists which remedies this problem.
-
! 026: SECURITY FIX: Oct 6, 2000
! All architectures
A format string vulnerability exists in talkd(8). It is not clear
yet what the impact is.
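Review bot: the 026 body still reads "It is not clear yet what the impact is" for a fix dated Oct 6, 2000, while this revision is from 2014. If the impact of the talkd(8) format string bug was later established, state it here; otherwise reword so the entry does not read as an open investigation.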
***************
*** 190,196 ****
A source code patch exists which remedies this problem.
-
! 025: SECURITY FIX: Oct 3, 2000 All architectures
A format string vulnerability exists in the pw_error(3) function. This
manifests itself as a security hole in the chpass utility. As a workaround
which disables its functionality, do
--- 202,209 ----
A source code patch exists which remedies this problem.
-
! 025: SECURITY FIX: Oct 3, 2000
! All architectures
A format string vulnerability exists in the pw_error(3) function. This
manifests itself as a security hole in the chpass utility. As a workaround
which disables its functionality, do
***************
*** 201,213 ****
A source code patch exists which remedies this problem.
-
! 024: SECURITY FIX: Sep 18, 2000 All architectures
Bad ESP/AH packets could cause a crash under certain conditions.
A source code patch exists which remedies this problem.
-
! 023: SECURITY FIX: Aug 16, 2000 All architectures
A format string vulnerability exists in xlock. As a workaround which disables
its functionality, do
--- 214,228 ----
A source code patch exists which remedies this problem.
-
! 024: SECURITY FIX: Sep 18, 2000
! All architectures
Bad ESP/AH packets could cause a crash under certain conditions.
A source code patch exists which remedies this problem.
-
! 023: SECURITY FIX: Aug 16, 2000
! All architectures
A format string vulnerability exists in xlock. As a workaround which disables
its functionality, do
***************
*** 236,242 ****
reboot your machine and it will generate ssh keys correctly.
-
! 021: SECURITY FIX: July 14, 2000 All architectures
Various problems in X11 libraries have various side effects. We provide a
jumbo patch to fix them.
--- 251,258 ----
reboot your machine and it will generate ssh keys correctly.
-
! 021: SECURITY FIX: July 14, 2000
! All architectures
Various problems in X11 libraries have various side effects. We provide a
jumbo patch to fix them.
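Review bot: the 021 description, "Various problems in X11 libraries have various side effects", gives an administrator nothing to judge exposure by, although the entry is labelled SECURITY FIX. A short statement of the class of problem the jumbo patch addresses would make the label actionable.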
***************
*** 281,287 ****
A source code patch exists which remedies this problem.
-
! 019: SECURITY FIX: July 5, 2000 All architectures
Just like pretty much all the other unix ftp daemons on the planet,
ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.
The problem exists if anonymous ftp is enabled.
--- 297,304 ----
A source code patch exists which remedies this problem.
-
! 019: SECURITY FIX: July 5, 2000
! All architectures
Just like pretty much all the other unix ftp daemons on the planet,
ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default.
The problem exists if anonymous ftp is enabled.
***************
*** 290,303 ****
A source code patch exists which remedies this problem.
-
! 018: SECURITY FIX: July 5, 2000 All architectures
Mopd contained a buffer overflow.
A source code patch exists which remedies this problem.
-
! 017: INSTALLATION FIX: July 3, 2000 All architectures
The screen package shipped with 2.7 does not install itself properly. The
existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
screen-3.9.5.tgz.old and a replacement package has been provided under the
--- 307,322 ----
A source code patch exists which remedies this problem.
-
! 018: SECURITY FIX: July 5, 2000
! All architectures
Mopd contained a buffer overflow.
A source code patch exists which remedies this problem.
-
! 017: INSTALLATION FIX: July 3, 2000
! All architectures
The screen package shipped with 2.7 does not install itself properly. The
existing package in 2.7/packages/_ARCH_/screen-3.9.5.tgz has been renamed to
screen-3.9.5.tgz.old and a replacement package has been provided under the
***************
*** 338,344 ****
This is the second revision of the patch.
-
! 013: SECURITY FIX: June 28, 2000 All architectures
libedit would check for a .editrc file in the current directory.
That behaviour is not nice; this does not turn into a security problem in
any real world situation that we know of, but a patch is available anyways.
--- 357,364 ----
This is the second revision of the patch.
-
! 013: SECURITY FIX: June 28, 2000
! All architectures
libedit would check for a .editrc file in the current directory.
That behaviour is not nice; this does not turn into a security problem in
any real world situation that we know of, but a patch is available anyways.
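Review bot: entry 013 keeps the SECURITY FIX label while its own text says the libedit .editrc lookup "does not turn into a security problem in any real world situation that we know of". Either relabel the entry or add a sentence on why reading .editrc from the current directory is treated as a security issue, so the category stays meaningful for people triaging this list.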
***************
*** 347,353 ****
A source code patch exists which remedies this problem.
-
! 012: SECURITY FIX: June 24, 2000 All architectures
A serious bug in dhclient(8) could allow strings from a malicious dhcp
server to be executed in the shell as root.
--- 367,374 ----
A source code patch exists which remedies this problem.
-
! 012: SECURITY FIX: June 24, 2000
! All architectures
A serious bug in dhclient(8) could allow strings from a malicious dhcp
server to be executed in the shell as root.
***************
*** 387,393 ****
The FTP area sets do not suffer from this problem.
-
! 009: SECURITY FIX: June 9, 2000 All architectures
A serious bug in isakmpd(8) policy handling wherein policy
verification could be completely bypassed in isakmpd.
--- 408,415 ----
The FTP area sets do not suffer from this problem.
-
! 009: SECURITY FIX: June 9, 2000
! All architectures
A serious bug in isakmpd(8) policy handling wherein policy
verification could be completely bypassed in isakmpd.
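Review bot: the 009 text is a sentence fragment with no main verb and names isakmpd twice: "A serious bug in isakmpd(8) policy handling wherein policy verification could be completely bypassed in isakmpd." Something like "A serious bug in isakmpd(8) policy handling allows policy verification to be bypassed completely" would read cleanly.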
***************
*** 395,421 ****
A source code patch exists which remedies this problem.
-
! 008: RELIABILITY FIX: June 8, 2000 All architectures
Some operations in msdosfs could result in a system panic.
A source code patch exists which remedies this problem.
-
! 007: RELIABILITY FIX: June 8, 2000 All architectures
NFS exporting of CD filesystems caused a system panic.
A source code patch exists which remedies this problem.
-
! 006: SECURITY FIX: June 6, 2000 All architectures
The non-default UseLogin feature in /etc/sshd_config is broken and should not
be used. On other operating systems, it results in a hole.
Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
-
! 005: RELIABILITY FIX: May 29, 2000 All architectures
Parse IPv4 options more carefully. It is not yet clear if this can even be used
to crash the machine remote or locally.
--- 417,447 ----
A source code patch exists which remedies this problem.
-
! 008: RELIABILITY FIX: June 8, 2000
! All architectures
Some operations in msdosfs could result in a system panic.
A source code patch exists which remedies this problem.
-
! 007: RELIABILITY FIX: June 8, 2000
! All architectures
NFS exporting of CD filesystems caused a system panic.
A source code patch exists which remedies this problem.
-
! 006: SECURITY FIX: June 6, 2000
! All architectures
The non-default UseLogin feature in /etc/sshd_config is broken and should not
be used. On other operating systems, it results in a hole.
Avoid use of this feature, or update to OpenSSH 2.1.1 or later if you must use it.
-
! 005: RELIABILITY FIX: May 29, 2000
! All architectures
Parse IPv4 options more carefully. It is not yet clear if this can even be used
to crash the machine remote or locally.
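Review bot: in the 005 entry at the end of this hunk, "crash the machine remote or locally" should be "remotely or locally". The opening "Parse IPv4 options more carefully" also describes the fix rather than the problem, unlike the neighbouring entries (006, 007, 008), so consider stating the problem first for consistency.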
***************
*** 423,436 ****
A source code patch exists which remedies this problem.
-
! 004: RELIABILITY FIX: May 29, 2000 All architectures
Certain routing table modifications by the superuser could cause a system panic.
A source code patch exists which remedies this problem.
-
! 003: SECURITY FIX: May 26, 2000 All architectures
It is possible to bypass the learning flag on an interface if frames
go directly to the machine acting as a
bridge.
--- 449,464 ----
A source code patch exists which remedies this problem.
-
! 004: RELIABILITY FIX: May 29, 2000
! All architectures
Certain routing table modifications by the superuser could cause a system panic.
A source code patch exists which remedies this problem.
-
! 003: SECURITY FIX: May 26, 2000
! All architectures
It is possible to bypass the learning flag on an interface if frames
go directly to the machine acting as a
bridge.
***************
*** 439,445 ****
A source code patch exists which remedies this problem.
-
! 002: DRIVER FIX: May 26, 2000 All architectures
The
ef(4)
driver will complain when adding an address with ifconfig
--- 467,474 ----
A source code patch exists which remedies this problem.
-
! 002: DRIVER FIX: May 26, 2000
! All architectures
The
ef(4)
driver will complain when adding an address with ifconfig
***************
*** 448,454 ****
A source code patch exists which remedies this problem.
-
! 001: SECURITY FIX: May 25, 2000 All architectures
A misuse of ipf(8)
keep-state rules can result in firewall rules being bypassed.
--- 477,484 ----
A source code patch exists which remedies this problem.
-
! 001: SECURITY FIX: May 25, 2000
! All architectures
A misuse of ipf(8)
keep-state rules can result in firewall rules being bypassed.